der_writer: Use uint32_t instead of long.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

der_writer: Use uint32_t instead of long.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18615)

show more ...

der: _ossl prefix DER functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13038)

Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo

Added der_writer functions for writing octet string primitives.
Generate OID's for key wrapp

Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo

Added der_writer functions for writing octet string primitives.
Generate OID's for key wrapping algorithms used by X942 KDF.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12554)

show more ...

DER writer: Make context-specific tags constructed (i.e. explicit)

For now, that's what we see being used. It's possible that we will
have to figure out a way to specific if these shoul

DER writer: Make context-specific tags constructed (i.e. explicit)

For now, that's what we see being used. It's possible that we will
have to figure out a way to specific if these should be implicit or
explicit on a case by case basis.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12544)

show more ...

DER writer: Add the possibility to abandon empty SEQUENCEs

In some cases, a SEQUENCE that contains only optional fields may end
up empty. In some cases, this may be represented by dropp

DER writer: Add the possibility to abandon empty SEQUENCEs

In some cases, a SEQUENCE that contains only optional fields may end
up empty. In some cases, this may be represented by dropping the
SEQUENCE entirely from the encoded DER.

To do this, we detect the case where WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH
is used, and adapt accordingly.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

show more ...

PROV: Add the beginning of a DER writing library

This library is meant to be small and quick. It's based on WPACKET,
which was extended to support DER writing. The way it's used is a

PROV: Add the beginning of a DER writing library

This library is meant to be small and quick. It's based on WPACKET,
which was extended to support DER writing. The way it's used is a
bit unusual, as it's used to write the structures backward into a
given buffer. A typical quick call looks like this:

/*
* Fill in this structure:
*
* something ::= SEQUENCE {
* id OBJECT IDENTIFIER,
* x [0] INTEGER OPTIONAL,
* y [1] BOOLEAN OPTIONAL,
* n INTEGER
* }
*/
unsigned char buf[nnnn], *p = NULL;
size_t encoded_len = 0;
WPACKET pkt;
int ok;

ok = WPACKET_init_der(&pkt, buf, sizeof(buf)
&& DER_w_start_sequence(&pkt, -1)
&& DER_w_bn(&pkt, -1, bn)
&& DER_w_boolean(&pkt, 1, bool)
&& DER_w_precompiled(&pkt, -1, OID, sizeof(OID))
&& DER_w_end_sequence(&pkt, -1)
&& WPACKET_finish(&pkt)
&& WPACKET_get_total_written(&pkt, &encoded_len)
&& (p = WPACKET_get_curr(&pkt)) != NULL;

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11450)

show more ...