diff options
Diffstat (limited to 'src/include/openssl/bytestring.h')
-rw-r--r-- | src/include/openssl/bytestring.h | 60 |
1 files changed, 41 insertions, 19 deletions
diff --git a/src/include/openssl/bytestring.h b/src/include/openssl/bytestring.h index 39068096..25411c71 100644 --- a/src/include/openssl/bytestring.h +++ b/src/include/openssl/bytestring.h @@ -164,36 +164,34 @@ OPENSSL_EXPORT int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out); #define CBS_ASN1_UNIVERSALSTRING 0x1cu #define CBS_ASN1_BMPSTRING 0x1eu -// CBS_ASN1_TAG_SHIFT is how much the in-memory representation shifts the class -// and constructed bits from the DER serialization. This allows representing tag -// numbers beyond 31. -// -// Consumers must use the following constants to decompose or assemble tags. -#define CBS_ASN1_TAG_SHIFT 24 - // CBS_ASN1_CONSTRUCTED may be ORed into a tag to toggle the constructed // bit. |CBS| and |CBB| APIs consider the constructed bit to be part of the // tag. -#define CBS_ASN1_CONSTRUCTED (0x20u << CBS_ASN1_TAG_SHIFT) +#define CBS_ASN1_CONSTRUCTED 0x20u -// The following values specify the tag class and may be ORed into a tag number -// to produce the final tag. If none is used, the tag will be UNIVERSAL. -#define CBS_ASN1_UNIVERSAL (0u << CBS_ASN1_TAG_SHIFT) -#define CBS_ASN1_APPLICATION (0x40u << CBS_ASN1_TAG_SHIFT) -#define CBS_ASN1_CONTEXT_SPECIFIC (0x80u << CBS_ASN1_TAG_SHIFT) -#define CBS_ASN1_PRIVATE (0xc0u << CBS_ASN1_TAG_SHIFT) +// The following values specify the constructed bit or tag class and may be ORed +// into a tag number to produce the final tag. If none is used, the tag will be +// UNIVERSAL. +// +// Note that although they currently match the DER serialization, consumers must +// use these bits rather than make assumptions about the representation. This is +// to allow for tag numbers beyond 31 in the future. +#define CBS_ASN1_APPLICATION 0x40u +#define CBS_ASN1_CONTEXT_SPECIFIC 0x80u +#define CBS_ASN1_PRIVATE 0xc0u -// CBS_ASN1_CLASS_MASK may be ANDed with a tag to query its class. This will -// give one of the four values above. -#define CBS_ASN1_CLASS_MASK (0xc0u << CBS_ASN1_TAG_SHIFT) +// CBS_ASN1_CLASS_MASK may be ANDed with a tag to query its class. +#define CBS_ASN1_CLASS_MASK 0xc0u // CBS_ASN1_TAG_NUMBER_MASK may be ANDed with a tag to query its number. -#define CBS_ASN1_TAG_NUMBER_MASK ((1u << (5 + CBS_ASN1_TAG_SHIFT)) - 1) +#define CBS_ASN1_TAG_NUMBER_MASK 0x1fu // CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not // including tag and length bytes) and advances |cbs| over it. The ASN.1 // element must match |tag_value|. It returns one on success and zero // on error. +// +// Tag numbers greater than 30 are not supported (i.e. short form only). OPENSSL_EXPORT int CBS_get_asn1(CBS *cbs, CBS *out, unsigned tag_value); // CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the @@ -211,12 +209,16 @@ OPENSSL_EXPORT int CBS_peek_asn1_tag(const CBS *cbs, unsigned tag_value); // (not including tag and length bytes), sets |*out_tag| to the tag number, and // advances |*cbs|. It returns one on success and zero on error. Either of |out| // and |out_tag| may be NULL to ignore the value. +// +// Tag numbers greater than 30 are not supported (i.e. short form only). OPENSSL_EXPORT int CBS_get_any_asn1(CBS *cbs, CBS *out, unsigned *out_tag); // CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from // |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to // the tag number and |*out_header_len| to the length of the ASN.1 header. Each // of |out|, |out_tag|, and |out_header_len| may be NULL to ignore the value. +// +// Tag numbers greater than 30 are not supported (i.e. short form only). OPENSSL_EXPORT int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, size_t *out_header_len); @@ -279,6 +281,13 @@ OPENSSL_EXPORT int CBS_is_valid_asn1_bitstring(const CBS *cbs); // is indexed starting from zero. OPENSSL_EXPORT int CBS_asn1_bitstring_has_bit(const CBS *cbs, unsigned bit); +// CBS_asn1_oid_to_text interprets |cbs| as DER-encoded ASN.1 OBJECT IDENTIFIER +// contents (not including the element framing) and returns the ASCII +// representation (e.g., "1.2.840.113554.4.1.72585") in a newly-allocated +// string, or NULL on failure. The caller must release the result with +// |OPENSSL_free|. +OPENSSL_EXPORT char *CBS_asn1_oid_to_text(const CBS *cbs); + // CRYPTO ByteBuilder. // @@ -394,7 +403,9 @@ OPENSSL_EXPORT int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents); // CBB_add_asn1 sets |*out_contents| to a |CBB| into which the contents of an // ASN.1 object can be written. The |tag| argument will be used as the tag for -// the object. It returns one on success or zero on error. +// the object. Passing in |tag| number 31 will return in an error since only +// single octet identifiers are supported. It returns one on success or zero +// on error. OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag); // CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on @@ -443,6 +454,17 @@ OPENSSL_EXPORT void CBB_discard_child(CBB *cbb); // error. OPENSSL_EXPORT int CBB_add_asn1_uint64(CBB *cbb, uint64_t value); +// CBB_add_asn1_oid_from_text decodes |len| bytes from |text| as an ASCII OID +// representation, e.g. "1.2.840.113554.4.1.72585", and writes the DER-encoded +// contents to |cbb|. It returns one on success and zero on malloc failure or if +// |text| was invalid. It does not include the OBJECT IDENTIFER framing, only +// the element's contents. +// +// This function considers OID strings with components which do not fit in a +// |uint64_t| to be invalid. +OPENSSL_EXPORT int CBB_add_asn1_oid_from_text(CBB *cbb, const char *text, + size_t len); + #if defined(__cplusplus) } // extern C |