Diffstat (limited to 'crypto/bytestring/internal.h')
-rw-r--r-- | crypto/bytestring/internal.h | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/crypto/bytestring/internal.h b/crypto/bytestring/internal.h
index b4ea7e51..f4f4b9cd 100644
--- a/crypto/bytestring/internal.h
+++ b/crypto/bytestring/internal.h
@@ -22,22 +22,42 @@ extern "C" {
 #endif
-/* CBS_asn1_ber_to_der reads an ASN.1 structure from |in|. If it finds
- * indefinite-length elements then it attempts to convert the BER data to DER
- * and sets |*out| and |*out_length| to describe a malloced buffer containing
- * the DER data. Additionally, |*in| will be advanced over the ASN.1 data.
+/* CBS_asn1_ber_to_der reads a BER element from |in|. If it finds
+ * indefinite-length elements or constructed strings then it converts the BER
+ * data to DER and sets |*out| and |*out_length| to describe a malloced buffer
+ * containing the DER data. Additionally, |*in| will be advanced over the BER
+ * element.
  *
- * If it doesn't find any indefinite-length elements then it sets |*out| to
- * NULL and |*in| is unmodified.
+ * If it doesn't find any indefinite-length elements or constructed strings then
+ * it sets |*out| to NULL and |*in| is unmodified.
  *
- * A sufficiently complex ASN.1 structure will break this function because it's
- * not possible to generically convert BER to DER without knowledge of the
- * structure itself. However, this sufficies to handle the PKCS#7 and #12 output
- * from NSS.
+ * This function should successfully process any valid BER input, however it
+ * will not convert all of BER's deviations from DER. BER is ambiguous between
+ * implicitly-tagged SEQUENCEs of strings and implicitly-tagged constructed
+ * strings. Implicitly-tagged strings must be parsed with
+ * |CBS_get_ber_implicitly_tagged_string| instead of |CBS_get_asn1|. The caller
+ * must also account for BER variations in the contents of a primitive.
  *
  * It returns one on success and zero otherwise. */
 OPENSSL_EXPORT int CBS_asn1_ber_to_der(CBS *in, uint8_t **out, size_t *out_len);
+/* CBS_get_asn1_implicit_string parses a BER string of primitive type
+ * |inner_tag| implicitly-tagged with |outer_tag|. It sets |out| to the
+ * contents. If concatenation was needed, it sets |*out_storage| to a buffer
+ * which the caller must release with |OPENSSL_free|. Otherwise, it sets
+ * |*out_storage| to NULL.
+ *
+ * This function does not parse all of BER. It requires the string be
+ * definite-length. Constructed strings are allowed, but all children of the
+ * outermost element must be primitive. The caller should use
+ * |CBS_asn1_ber_to_der| before running this function.
+ *
+ * It returns one on success and zero otherwise. */
+OPENSSL_EXPORT int CBS_get_asn1_implicit_string(CBS *in, CBS *out,
+ uint8_t **out_storage,
+ unsigned outer_tag,
+ unsigned inner_tag);
+
 #if defined(__cplusplus)
 } /* extern C */ |
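Review bot: The rewritten comment for `CBS_asn1_ber_to_der` tells callers to parse implicitly-tagged strings with `|CBS_get_ber_implicitly_tagged_string|`, but the function this hunk declares is `CBS_get_asn1_implicit_string`, so the reference should name the declared function. The same comment still says `|*out_length|` while the parameter is `out_len`. The new declaration's comment should also state the lifetime and failure contract of its outputs: when concatenation was needed, `out` presumably points into `*out_storage`, so a line such as `* |out| is only valid until |*out_storage| is freed; on failure |*out_storage| is set to NULL.` would keep callers from reading `out` after the free or freeing an uninitialized pointer on the error path. The failure behaviour is an assumption here and should be confirmed against the implementation, which is not part of this hunk.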