| author | doug <> | 2015-06-13 09:16:42 +0000 | 
|---|---|---|
| committer | doug <> | 2015-06-13 09:16:42 +0000 | 
| commit | 849a51df02d5043870da5df23dfdf31811f83b2d (patch) | |
| tree | a27b9ffad4907a498705967e72ae3f35806d8f93 /src | |
| parent | 145df5a2af1fa22c5a5e2ca102fddede1c5c7dc6 (diff) | |
Explain the ASN.1 restriction that requires extra logic for encoding.
ok miod@ jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/bs_cbb.c | 20 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/bs_cbb.c | 20 | 
2 files changed, 36 insertions, 4 deletions
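diff --git a/src/lib/libssl/bs_cbb.c b/src/lib/libssl/bs_cbb.c
index 29312e104b..904edb9fb1 100644
--- a/src/lib/libssl/bs_cbb.c
+++ b/src/lib/libssl/bs_cbb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bs_cbb.c,v 1.9 2015/06/13 09:11:57 doug Exp $ */
+/* $OpenBSD: bs_cbb.c,v 1.10 2015/06/13 09:16:42 doug Exp $ */
 /*
 * Copyright (c) 2014, Google Inc.
 *
@@ -370,7 +370,23 @@ CBB_add_asn1_uint64(CBB *cbb, uint64_t value)
 return 0;
 
 for (i = 0; i < 8; i++) {
-uint8_t byte = (value >> 8*(7-i)) & 0xff;
+uint8_t byte = (value >> 8 * (7 - i)) & 0xff;
+
+/*
+* ASN.1 restriction: first 9 bits cannot be all zeroes or
+* all ones. Since this function only encodes unsigned
+* integers, the only concerns are not encoding leading
+* zeros and adding a padding byte if necessary.
+*
+* In practice, this means:
+* 1) Skip leading octets of all zero bits in the value
+* 2) After skipping the leading zero octets, if the next 9
+* bits are all ones, add an all zero prefix octet (and
+* set the high bit of the prefix octet if negative).
+*
+* Additionally, for an unsigned value, add an all zero
+* prefix if the high bit of the first octet would be one.
+*/
 if (!started) {
 if (byte == 0)
 /* Don't encode leading zeros. */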
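Review bot: Item 2 of the new comment in CBB_add_asn1_uint64 reads as if the zero prefix were needed only when nine bits are all ones, and its parenthetical `(and set the high bit of the prefix octet if negative)` describes a signed case this function never encodes. For a uint64_t the governing rule is the one in the last paragraph: a 0x00 octet is prepended whenever the first emitted octet has its high bit set, otherwise a DER parser reads the INTEGER as negative. I would drop the parenthetical and word the restriction as `when the encoding is longer than one octet, the first octet and the high bit of the second must not be all zeros or all ones`. The comment could also say that a value of zero still encodes as a single 0x00 octet, which presumably happens after the loop; the function body starts and ends outside the hunk. The same text is added in src/lib/libssl/src/ssl/bs_cbb.c.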
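diff --git a/src/lib/libssl/src/ssl/bs_cbb.c b/src/lib/libssl/src/ssl/bs_cbb.c
index 29312e104b..904edb9fb1 100644
--- a/src/lib/libssl/src/ssl/bs_cbb.c
+++ b/src/lib/libssl/src/ssl/bs_cbb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bs_cbb.c,v 1.9 2015/06/13 09:11:57 doug Exp $ */
+/* $OpenBSD: bs_cbb.c,v 1.10 2015/06/13 09:16:42 doug Exp $ */
 /*
 * Copyright (c) 2014, Google Inc.
 *
@@ -370,7 +370,23 @@ CBB_add_asn1_uint64(CBB *cbb, uint64_t value)
 return 0;
 
 for (i = 0; i < 8; i++) {
-uint8_t byte = (value >> 8*(7-i)) & 0xff;
+uint8_t byte = (value >> 8 * (7 - i)) & 0xff;
+
+/*
+* ASN.1 restriction: first 9 bits cannot be all zeroes or
+* all ones. Since this function only encodes unsigned
+* integers, the only concerns are not encoding leading
+* zeros and adding a padding byte if necessary.
+*
+* In practice, this means:
+* 1) Skip leading octets of all zero bits in the value
+* 2) After skipping the leading zero octets, if the next 9
+* bits are all ones, add an all zero prefix octet (and
+* set the high bit of the prefix octet if negative).
+*
+* Additionally, for an unsigned value, add an all zero
+* prefix if the high bit of the first octet would be one.
+*/
 if (!started) {
 if (byte == 0)
 /* Don't encode leading zeros. */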
