/src/gnutls/lib/x509/mpi.c

Source (jump to first uncovered line)
/*
 * Copyright (C) 2003-2012 Free Software Foundation, Inc.
 * Copyright (C) 2015-2017 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */

#include "gnutls_int.h"
#include "errors.h"
#include "global.h"
#include <libtasn1.h>
#include "datum.h"
#include "common.h"
#include "x509_int.h"
#include "num.h"
#include <limits.h>

/* Reads an Integer from the DER encoded data
 */

int _gnutls_x509_read_der_int(uint8_t *der, int dersize, bigint_t *out)
{
  int result;
  asn1_node spk = NULL;

  /* == INTEGER */
  if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
            "GNUTLS.DSAPublicKey", &spk)) !=
      ASN1_SUCCESS) {
    gnutls_assert();
    return _gnutls_asn2err(result);
  }

  result = _asn1_strict_der_decode(&spk, der, dersize, NULL);

  if (result != ASN1_SUCCESS) {
    gnutls_assert();
    asn1_delete_structure(&spk);
    return _gnutls_asn2err(result);
  }

  /* Read Y */

  if ((result = _gnutls_x509_read_int(spk, "", out)) < 0) {
    gnutls_assert();
    asn1_delete_structure(&spk);
    return _gnutls_asn2err(result);
  }

  asn1_delete_structure(&spk);

  return 0;
}

int _gnutls_x509_read_der_uint(uint8_t *der, int dersize, unsigned int *out)
{
  int result;
  asn1_node spk = NULL;

  /* == INTEGER */
  if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
            "GNUTLS.DSAPublicKey", &spk)) !=
      ASN1_SUCCESS) {
    gnutls_assert();
    return _gnutls_asn2err(result);
  }

  result = _asn1_strict_der_decode(&spk, der, dersize, NULL);

  if (result != ASN1_SUCCESS) {
    gnutls_assert();
    asn1_delete_structure(&spk);
    return _gnutls_asn2err(result);
  }

  /* Read Y */

  if ((result = _gnutls_x509_read_uint(spk, "", out)) < 0) {
    gnutls_assert();
    asn1_delete_structure(&spk);
    return _gnutls_asn2err(result);
  }

  asn1_delete_structure(&spk);

  return 0;
}

/* Extracts DSA and RSA parameters from a certificate.
 */
int _gnutls_get_asn_mpis(asn1_node asn, const char *root,
       gnutls_pk_params_st *params)
{
  int result;
  char name[256];
  gnutls_datum_t tmp = { NULL, 0 };
  gnutls_pk_algorithm_t pk_algorithm;
  gnutls_ecc_curve_t curve;

  gnutls_pk_params_init(params);

  result = _gnutls_x509_get_pk_algorithm(asn, root, &curve, NULL);
  if (result < 0) {
    gnutls_assert();
    return result;
  }

  pk_algorithm = result;
  params->curve = curve;
  params->algo = pk_algorithm;

  /* Read the algorithm's parameters
   */
  _asnstr_append_name(name, sizeof(name), root, ".algorithm.parameters");

  if (pk_algorithm != GNUTLS_PK_RSA &&
      pk_algorithm != GNUTLS_PK_EDDSA_ED25519 &&
      pk_algorithm != GNUTLS_PK_ECDH_X25519 &&
      pk_algorithm != GNUTLS_PK_EDDSA_ED448 &&
      pk_algorithm != GNUTLS_PK_ECDH_X448 &&
      pk_algorithm != GNUTLS_PK_MLDSA44 &&
      pk_algorithm != GNUTLS_PK_MLDSA65 &&
      pk_algorithm != GNUTLS_PK_MLDSA87) {
    /* RSA, EdDSA and ML-DSA algorithms do not use parameters */
    result = _gnutls_x509_read_value(asn, name, &tmp);
    if (pk_algorithm == GNUTLS_PK_RSA_PSS &&
        (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
         result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)) {
      goto skip_params;
    }
    if (result < 0) {
      gnutls_assert();
      goto error;
    }

    result = _gnutls_x509_read_pubkey_params(pk_algorithm, tmp.data,
               tmp.size, params);
    if (result < 0) {
      gnutls_assert();
      goto error;
    }

    _gnutls_free_datum(&tmp);
  }

skip_params:
  /* Now read the public key */
  _asnstr_append_name(name, sizeof(name), root, ".subjectPublicKey");

  result = _gnutls_x509_read_value(asn, name, &tmp);
  if (result < 0) {
    gnutls_assert();
    goto error;
  }

  if ((result = _gnutls_x509_read_pubkey(pk_algorithm, tmp.data, tmp.size,
                 params)) < 0) {
    gnutls_assert();
    goto error;
  }

  result = _gnutls_x509_check_pubkey_params(params);
  if (result < 0) {
    gnutls_assert();
    goto error;
  }

  result = 0;

error:
  if (result < 0)
    gnutls_pk_params_release(params);
  _gnutls_free_datum(&tmp);
  return result;
}

/* Extracts DSA and RSA parameters from a certificate.
 */
int _gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert,
            gnutls_pk_params_st *params)
{
  /* Read the algorithm's OID
   */
  return _gnutls_get_asn_mpis(
    cert->cert, "tbsCertificate.subjectPublicKeyInfo", params);
}

/* Extracts DSA and RSA parameters from a certificate.
 */
int _gnutls_x509_crq_get_mpis(gnutls_x509_crq_t cert,
            gnutls_pk_params_st *params)
{
  /* Read the algorithm's OID
   */
  return _gnutls_get_asn_mpis(
    cert->crq, "certificationRequestInfo.subjectPKInfo", params);
}

/*
 * This function reads and decodes the parameters for DSS or RSA keys.
 * This is the "signatureAlgorithm" fields.
 */
int _gnutls_x509_read_pkalgo_params(asn1_node src, const char *src_name,
            gnutls_x509_spki_st *spki, unsigned is_sig)
{
  int result;
  char name[128];
  char oid[MAX_OID_SIZE];
  int oid_size;

  memset(spki, 0, sizeof(*spki));

  _gnutls_str_cpy(name, sizeof(name), src_name);
  _gnutls_str_cat(name, sizeof(name), ".algorithm");

  oid_size = sizeof(oid);
  result = asn1_read_value(src, name, oid, &oid_size);

  if (result != ASN1_SUCCESS) {
    gnutls_assert();
    return _gnutls_asn2err(result);
  }

  if (strcmp(oid, PK_PKIX1_RSA_PSS_OID) == 0) {
    gnutls_datum_t tmp = { NULL, 0 };

    _gnutls_str_cpy(name, sizeof(name), src_name);
    _gnutls_str_cat(name, sizeof(name), ".parameters");

    result = _gnutls_x509_read_value(src, name, &tmp);
    if (result < 0) {
      if (!is_sig) {
        if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
            result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
          /* it is ok to not have parameters in SPKI, but
           * not in signatures */
          return 0;
        }
      }

      return gnutls_assert_val(result);
    }

    result = _gnutls_x509_read_rsa_pss_params(tmp.data, tmp.size,
                spki);
    _gnutls_free_datum(&tmp);

    if (result < 0)
      gnutls_assert();

    return result;
  } else if (strcmp(oid, PK_PKIX1_RSA_OAEP_OID) == 0) {
    gnutls_datum_t tmp = { NULL, 0 };

    _gnutls_str_cpy(name, sizeof(name), src_name);
    _gnutls_str_cat(name, sizeof(name), ".parameters");

    result = _gnutls_x509_read_value(src, name, &tmp);
    if (result < 0) {
      if (!is_sig) {
        if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
            result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
          /* it is ok to not have parameters in SPKI, but
           * not in signatures */
          return 0;
        }
      }

      return gnutls_assert_val(result);
    }

    result = _gnutls_x509_read_rsa_oaep_params(tmp.data, tmp.size,
                 spki);
    _gnutls_free_datum(&tmp);

    if (result < 0)
      gnutls_assert();

    return result;
  }

  return 0;
}

static int write_oid_and_params(asn1_node dst, const char *dst_name,
        const char *oid, gnutls_x509_spki_st *params)
{
  int result;
  char name[128];

  if (params == NULL) {
    gnutls_assert();
    return GNUTLS_E_INVALID_REQUEST;
  }

  _gnutls_str_cpy(name, sizeof(name), dst_name);
  _gnutls_str_cat(name, sizeof(name), ".algorithm");

  /* write the OID.
   */
  result = asn1_write_value(dst, name, oid, 1);
  if (result != ASN1_SUCCESS) {
    gnutls_assert();
    return _gnutls_asn2err(result);
  }

  _gnutls_str_cpy(name, sizeof(name), dst_name);
  _gnutls_str_cat(name, sizeof(name), ".parameters");

  if (params->pk == GNUTLS_PK_RSA)
    result = asn1_write_value(dst, name, ASN1_NULL, ASN1_NULL_SIZE);
  else if (params->pk == GNUTLS_PK_RSA_PSS) {
    gnutls_datum_t tmp = { NULL, 0 };

    result = _gnutls_x509_write_rsa_pss_params(params, &tmp);
    if (result < 0)
      return gnutls_assert_val(result);

    result = asn1_write_value(dst, name, tmp.data, tmp.size);
    _gnutls_free_datum(&tmp);
  } else
    result = asn1_write_value(dst, name, NULL, 0);

  if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
    /* Here we ignore the element not found error, since this
     * may have been disabled before.
     */
    gnutls_assert();
    return _gnutls_asn2err(result);
  }

  return 0;
}

int _gnutls_x509_write_spki_params(asn1_node dst, const char *dst_name,
           gnutls_x509_spki_st *params)
{
  const char *oid;

  if (params->legacy && params->pk == GNUTLS_PK_RSA)
    oid = PK_PKIX1_RSA_OID;
  else if (params->pk == GNUTLS_PK_RSA_PSS)
    oid = PK_PKIX1_RSA_PSS_OID;
  else
    oid = gnutls_pk_get_oid(params->pk);

  if (oid == NULL) {
    gnutls_assert();
    _gnutls_debug_log(
      "Cannot find OID for public key algorithm %s\n",
      gnutls_pk_get_name(params->pk));
    return GNUTLS_E_INVALID_REQUEST;
  }

  return write_oid_and_params(dst, dst_name, oid, params);
}

int _gnutls_x509_write_sign_params(asn1_node dst, const char *dst_name,
           const gnutls_sign_entry_st *se,
           gnutls_x509_spki_st *params)
{
  const char *oid;

  if (params->legacy && params->pk == GNUTLS_PK_RSA)
    oid = PK_PKIX1_RSA_OID;
  else if (params->pk == GNUTLS_PK_RSA_PSS)
    oid = PK_PKIX1_RSA_PSS_OID;
  else
    oid = se->oid;

  if (oid == NULL) {
    gnutls_assert();
    _gnutls_debug_log("Cannot find OID for sign algorithm %s\n",
          se->name);
    return GNUTLS_E_INVALID_REQUEST;
  }

  return write_oid_and_params(dst, dst_name, oid, params);
}

/* this function reads a (small) unsigned integer
 * from asn1 structs. Combines the read and the conversion
 * steps.
 */
int _gnutls_x509_read_uint(asn1_node node, const char *value, unsigned int *ret)
{
  int len, result;
  uint8_t tmpstr[5];

  len = 0;
  result = asn1_read_value(node, value, NULL, &len);
  if (result != ASN1_MEM_ERROR) {
    return _gnutls_asn2err(result);
  }

  if (len <= 0 || len > 5) {
    gnutls_assert();
    return GNUTLS_E_INTERNAL_ERROR;
  }

  result = asn1_read_value(node, value, tmpstr, &len);

  if (result != ASN1_SUCCESS) {
    gnutls_assert();
    return _gnutls_asn2err(result);
  }

  /* Negative integer in 2's complement format. */
  if (tmpstr[0] > SCHAR_MAX) {
    gnutls_assert();
    return GNUTLS_E_INTERNAL_ERROR;
  }

  if (len == 1)
    *ret = tmpstr[0];
  else if (len == 2)
    *ret = _gnutls_read_uint16(tmpstr);
  else if (len == 3)
    *ret = _gnutls_read_uint24(tmpstr);
  else if (len == 4)
    *ret = _gnutls_read_uint32(tmpstr);
  else if (len == 5) {
    if (tmpstr[0] != 0) {
      gnutls_assert();
      return GNUTLS_E_INTERNAL_ERROR;
    }
    *ret = _gnutls_read_uint32(tmpstr + 1);
  }

  return 0;
}

/* Writes the specified integer into the specified node.
 */
int _gnutls_x509_write_uint32(asn1_node node, const char *value, uint32_t num)
{
  uint8_t tmpstr[5];
  int result;

  tmpstr[0] = 0;
  _gnutls_write_uint32(num, tmpstr + 1);

  if (tmpstr[1] > SCHAR_MAX) {
    result = asn1_write_value(node, value, tmpstr, 5);
  } else {
    result = asn1_write_value(node, value, tmpstr + 1, 4);
  }

  if (result != ASN1_SUCCESS) {
    gnutls_assert();
    return _gnutls_asn2err(result);
  }

  return 0;
}

Coverage Report

Created: 2025-03-06 06:58

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (C) 2003-2012 Free Software Foundation, Inc.
3		* Copyright (C) 2015-2017 Red Hat, Inc.
4		*
5		* Author: Nikos Mavrogiannopoulos
6		*
7		* This file is part of GnuTLS.
8		*
9		* The GnuTLS is free software; you can redistribute it and/or
10		* modify it under the terms of the GNU Lesser General Public License
11		* as published by the Free Software Foundation; either version 2.1 of
12		* the License, or (at your option) any later version.
13		*
14		* This library is distributed in the hope that it will be useful, but
15		* WITHOUT ANY WARRANTY; without even the implied warranty of
16		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17		* Lesser General Public License for more details.
18		*
19		* You should have received a copy of the GNU Lesser General Public License
20		* along with this program. If not, see <https://www.gnu.org/licenses/>
21		*
22		*/
23
24		#include "gnutls_int.h"
25		#include "errors.h"
26		#include "global.h"
27		#include <libtasn1.h>
28		#include "datum.h"
29		#include "common.h"
30		#include "x509_int.h"
31		#include "num.h"
32		#include <limits.h>
33
34		/* Reads an Integer from the DER encoded data
35		*/
36
37		int _gnutls_x509_read_der_int(uint8_t der, int dersize, bigint_t out)
38	0	{
39	0	int result;
40	0	asn1_node spk = NULL;
41
42		/* == INTEGER */
43	0	if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
44	0	"GNUTLS.DSAPublicKey", &spk)) !=
45	0	ASN1_SUCCESS) {
46	0	gnutls_assert();
47	0	return _gnutls_asn2err(result);
48	0	}
49
50	0	result = _asn1_strict_der_decode(&spk, der, dersize, NULL);
51
52	0	if (result != ASN1_SUCCESS) {
53	0	gnutls_assert();
54	0	asn1_delete_structure(&spk);
55	0	return _gnutls_asn2err(result);
56	0	}
57
58		/* Read Y */
59
60	0	if ((result = _gnutls_x509_read_int(spk, "", out)) < 0) {
61	0	gnutls_assert();
62	0	asn1_delete_structure(&spk);
63	0	return _gnutls_asn2err(result);
64	0	}
65
66	0	asn1_delete_structure(&spk);
67
68	0	return 0;
69	0	}
70
71		int _gnutls_x509_read_der_uint(uint8_t der, int dersize, unsigned int out)
72	0	{
73	0	int result;
74	0	asn1_node spk = NULL;
75
76		/* == INTEGER */
77	0	if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
78	0	"GNUTLS.DSAPublicKey", &spk)) !=
79	0	ASN1_SUCCESS) {
80	0	gnutls_assert();
81	0	return _gnutls_asn2err(result);
82	0	}
83
84	0	result = _asn1_strict_der_decode(&spk, der, dersize, NULL);
85
86	0	if (result != ASN1_SUCCESS) {
87	0	gnutls_assert();
88	0	asn1_delete_structure(&spk);
89	0	return _gnutls_asn2err(result);
90	0	}
91
92		/* Read Y */
93
94	0	if ((result = _gnutls_x509_read_uint(spk, "", out)) < 0) {
95	0	gnutls_assert();
96	0	asn1_delete_structure(&spk);
97	0	return _gnutls_asn2err(result);
98	0	}
99
100	0	asn1_delete_structure(&spk);
101
102	0	return 0;
103	0	}
104
105		/* Extracts DSA and RSA parameters from a certificate.
106		*/
107		int _gnutls_get_asn_mpis(asn1_node asn, const char *root,
108		gnutls_pk_params_st *params)
109	0	{
110	0	int result;
111	0	char name[256];
112	0	gnutls_datum_t tmp = { NULL, 0 };
113	0	gnutls_pk_algorithm_t pk_algorithm;
114	0	gnutls_ecc_curve_t curve;
115
116	0	gnutls_pk_params_init(params);
117
118	0	result = _gnutls_x509_get_pk_algorithm(asn, root, &curve, NULL);
119	0	if (result < 0) {
120	0	gnutls_assert();
121	0	return result;
122	0	}
123
124	0	pk_algorithm = result;
125	0	params->curve = curve;
126	0	params->algo = pk_algorithm;
127
128		/* Read the algorithm's parameters
129		*/
130	0	_asnstr_append_name(name, sizeof(name), root, ".algorithm.parameters");
131
132	0	if (pk_algorithm != GNUTLS_PK_RSA &&
133	0	pk_algorithm != GNUTLS_PK_EDDSA_ED25519 &&
134	0	pk_algorithm != GNUTLS_PK_ECDH_X25519 &&
135	0	pk_algorithm != GNUTLS_PK_EDDSA_ED448 &&
136	0	pk_algorithm != GNUTLS_PK_ECDH_X448 &&
137	0	pk_algorithm != GNUTLS_PK_MLDSA44 &&
138	0	pk_algorithm != GNUTLS_PK_MLDSA65 &&
139	0	pk_algorithm != GNUTLS_PK_MLDSA87) {
140		/* RSA, EdDSA and ML-DSA algorithms do not use parameters */
141	0	result = _gnutls_x509_read_value(asn, name, &tmp);
142	0	if (pk_algorithm == GNUTLS_PK_RSA_PSS &&
143	0	(result == GNUTLS_E_ASN1_VALUE_NOT_FOUND \|\|
144	0	result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)) {
145	0	goto skip_params;
146	0	}
147	0	if (result < 0) {
148	0	gnutls_assert();
149	0	goto error;
150	0	}
151
152	0	result = _gnutls_x509_read_pubkey_params(pk_algorithm, tmp.data,
153	0	tmp.size, params);
154	0	if (result < 0) {
155	0	gnutls_assert();
156	0	goto error;
157	0	}
158
159	0	_gnutls_free_datum(&tmp);
160	0	}
161
162	0	skip_params:
163		/* Now read the public key */
164	0	_asnstr_append_name(name, sizeof(name), root, ".subjectPublicKey");
165
166	0	result = _gnutls_x509_read_value(asn, name, &tmp);
167	0	if (result < 0) {
168	0	gnutls_assert();
169	0	goto error;
170	0	}
171
172	0	if ((result = _gnutls_x509_read_pubkey(pk_algorithm, tmp.data, tmp.size,
173	0	params)) < 0) {
174	0	gnutls_assert();
175	0	goto error;
176	0	}
177
178	0	result = _gnutls_x509_check_pubkey_params(params);
179	0	if (result < 0) {
180	0	gnutls_assert();
181	0	goto error;
182	0	}
183
184	0	result = 0;
185
186	0	error:
187	0	if (result < 0)
188	0	gnutls_pk_params_release(params);
189	0	_gnutls_free_datum(&tmp);
190	0	return result;
191	0	}
192
193		/* Extracts DSA and RSA parameters from a certificate.
194		*/
195		int _gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert,
196		gnutls_pk_params_st *params)
197	0	{
198		/* Read the algorithm's OID
199		*/
200	0	return _gnutls_get_asn_mpis(
201	0	cert->cert, "tbsCertificate.subjectPublicKeyInfo", params);
202	0	}
203
204		/* Extracts DSA and RSA parameters from a certificate.
205		*/
206		int _gnutls_x509_crq_get_mpis(gnutls_x509_crq_t cert,
207		gnutls_pk_params_st *params)
208	0	{
209		/* Read the algorithm's OID
210		*/
211	0	return _gnutls_get_asn_mpis(
212	0	cert->crq, "certificationRequestInfo.subjectPKInfo", params);
213	0	}
214
215		/*
216		* This function reads and decodes the parameters for DSS or RSA keys.
217		* This is the "signatureAlgorithm" fields.
218		*/
219		int _gnutls_x509_read_pkalgo_params(asn1_node src, const char *src_name,
220		gnutls_x509_spki_st *spki, unsigned is_sig)
221	0	{
222	0	int result;
223	0	char name[128];
224	0	char oid[MAX_OID_SIZE];
225	0	int oid_size;
226
227	0	memset(spki, 0, sizeof(*spki));
228
229	0	_gnutls_str_cpy(name, sizeof(name), src_name);
230	0	_gnutls_str_cat(name, sizeof(name), ".algorithm");
231
232	0	oid_size = sizeof(oid);
233	0	result = asn1_read_value(src, name, oid, &oid_size);
234
235	0	if (result != ASN1_SUCCESS) {
236	0	gnutls_assert();
237	0	return _gnutls_asn2err(result);
238	0	}
239
240	0	if (strcmp(oid, PK_PKIX1_RSA_PSS_OID) == 0) {
241	0	gnutls_datum_t tmp = { NULL, 0 };
242
243	0	_gnutls_str_cpy(name, sizeof(name), src_name);
244	0	_gnutls_str_cat(name, sizeof(name), ".parameters");
245
246	0	result = _gnutls_x509_read_value(src, name, &tmp);
247	0	if (result < 0) {
248	0	if (!is_sig) {
249	0	if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND \|\|
250	0	result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
251		/* it is ok to not have parameters in SPKI, but
252		* not in signatures */
253	0	return 0;
254	0	}
255	0	}
256
257	0	return gnutls_assert_val(result);
258	0	}
259
260	0	result = _gnutls_x509_read_rsa_pss_params(tmp.data, tmp.size,
261	0	spki);
262	0	_gnutls_free_datum(&tmp);
263
264	0	if (result < 0)
265	0	gnutls_assert();
266
267	0	return result;
268	0	} else if (strcmp(oid, PK_PKIX1_RSA_OAEP_OID) == 0) {
269	0	gnutls_datum_t tmp = { NULL, 0 };
270
271	0	_gnutls_str_cpy(name, sizeof(name), src_name);
272	0	_gnutls_str_cat(name, sizeof(name), ".parameters");
273
274	0	result = _gnutls_x509_read_value(src, name, &tmp);
275	0	if (result < 0) {
276	0	if (!is_sig) {
277	0	if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND \|\|
278	0	result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
279		/* it is ok to not have parameters in SPKI, but
280		* not in signatures */
281	0	return 0;
282	0	}
283	0	}
284
285	0	return gnutls_assert_val(result);
286	0	}
287
288	0	result = _gnutls_x509_read_rsa_oaep_params(tmp.data, tmp.size,
289	0	spki);
290	0	_gnutls_free_datum(&tmp);
291
292	0	if (result < 0)
293	0	gnutls_assert();
294
295	0	return result;
296	0	}
297
298	0	return 0;
299	0	}
300
301		static int write_oid_and_params(asn1_node dst, const char *dst_name,
302		const char oid, gnutls_x509_spki_st params)
303	0	{
304	0	int result;
305	0	char name[128];
306
307	0	if (params == NULL) {
308	0	gnutls_assert();
309	0	return GNUTLS_E_INVALID_REQUEST;
310	0	}
311
312	0	_gnutls_str_cpy(name, sizeof(name), dst_name);
313	0	_gnutls_str_cat(name, sizeof(name), ".algorithm");
314
315		/* write the OID.
316		*/
317	0	result = asn1_write_value(dst, name, oid, 1);
318	0	if (result != ASN1_SUCCESS) {
319	0	gnutls_assert();
320	0	return _gnutls_asn2err(result);
321	0	}
322
323	0	_gnutls_str_cpy(name, sizeof(name), dst_name);
324	0	_gnutls_str_cat(name, sizeof(name), ".parameters");
325
326	0	if (params->pk == GNUTLS_PK_RSA)
327	0	result = asn1_write_value(dst, name, ASN1_NULL, ASN1_NULL_SIZE);
328	0	else if (params->pk == GNUTLS_PK_RSA_PSS) {
329	0	gnutls_datum_t tmp = { NULL, 0 };
330
331	0	result = _gnutls_x509_write_rsa_pss_params(params, &tmp);
332	0	if (result < 0)
333	0	return gnutls_assert_val(result);
334
335	0	result = asn1_write_value(dst, name, tmp.data, tmp.size);
336	0	_gnutls_free_datum(&tmp);
337	0	} else
338	0	result = asn1_write_value(dst, name, NULL, 0);
339
340	0	if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
341		/* Here we ignore the element not found error, since this
342		* may have been disabled before.
343		*/
344	0	gnutls_assert();
345	0	return _gnutls_asn2err(result);
346	0	}
347
348	0	return 0;
349	0	}
350
351		int _gnutls_x509_write_spki_params(asn1_node dst, const char *dst_name,
352		gnutls_x509_spki_st *params)
353	0	{
354	0	const char *oid;
355
356	0	if (params->legacy && params->pk == GNUTLS_PK_RSA)
357	0	oid = PK_PKIX1_RSA_OID;
358	0	else if (params->pk == GNUTLS_PK_RSA_PSS)
359	0	oid = PK_PKIX1_RSA_PSS_OID;
360	0	else
361	0	oid = gnutls_pk_get_oid(params->pk);
362
363	0	if (oid == NULL) {
364	0	gnutls_assert();
365	0	_gnutls_debug_log(
366	0	"Cannot find OID for public key algorithm %s\n",
367	0	gnutls_pk_get_name(params->pk));
368	0	return GNUTLS_E_INVALID_REQUEST;
369	0	}
370
371	0	return write_oid_and_params(dst, dst_name, oid, params);
372	0	}
373
374		int _gnutls_x509_write_sign_params(asn1_node dst, const char *dst_name,
375		const gnutls_sign_entry_st *se,
376		gnutls_x509_spki_st *params)
377	0	{
378	0	const char *oid;
379
380	0	if (params->legacy && params->pk == GNUTLS_PK_RSA)
381	0	oid = PK_PKIX1_RSA_OID;
382	0	else if (params->pk == GNUTLS_PK_RSA_PSS)
383	0	oid = PK_PKIX1_RSA_PSS_OID;
384	0	else
385	0	oid = se->oid;
386
387	0	if (oid == NULL) {
388	0	gnutls_assert();
389	0	_gnutls_debug_log("Cannot find OID for sign algorithm %s\n",
390	0	se->name);
391	0	return GNUTLS_E_INVALID_REQUEST;
392	0	}
393
394	0	return write_oid_and_params(dst, dst_name, oid, params);
395	0	}
396
397		/* this function reads a (small) unsigned integer
398		* from asn1 structs. Combines the read and the conversion
399		* steps.
400		*/
401		int _gnutls_x509_read_uint(asn1_node node, const char value, unsigned int ret)
402	0	{
403	0	int len, result;
404	0	uint8_t tmpstr[5];
405
406	0	len = 0;
407	0	result = asn1_read_value(node, value, NULL, &len);
408	0	if (result != ASN1_MEM_ERROR) {
409	0	return _gnutls_asn2err(result);
410	0	}
411
412	0	if (len <= 0 \|\| len > 5) {
413	0	gnutls_assert();
414	0	return GNUTLS_E_INTERNAL_ERROR;
415	0	}
416
417	0	result = asn1_read_value(node, value, tmpstr, &len);
418
419	0	if (result != ASN1_SUCCESS) {
420	0	gnutls_assert();
421	0	return _gnutls_asn2err(result);
422	0	}
423
424		/* Negative integer in 2's complement format. */
425	0	if (tmpstr[0] > SCHAR_MAX) {
426	0	gnutls_assert();
427	0	return GNUTLS_E_INTERNAL_ERROR;
428	0	}
429
430	0	if (len == 1)
431	0	*ret = tmpstr[0];
432	0	else if (len == 2)
433	0	*ret = _gnutls_read_uint16(tmpstr);
434	0	else if (len == 3)
435	0	*ret = _gnutls_read_uint24(tmpstr);
436	0	else if (len == 4)
437	0	*ret = _gnutls_read_uint32(tmpstr);
438	0	else if (len == 5) {
439	0	if (tmpstr[0] != 0) {
440	0	gnutls_assert();
441	0	return GNUTLS_E_INTERNAL_ERROR;
442	0	}
443	0	*ret = _gnutls_read_uint32(tmpstr + 1);
444	0	}
445
446	0	return 0;
447	0	}
448
449		/* Writes the specified integer into the specified node.
450		*/
451		int _gnutls_x509_write_uint32(asn1_node node, const char *value, uint32_t num)
452	0	{
453	0	uint8_t tmpstr[5];
454	0	int result;
455
456	0	tmpstr[0] = 0;
457	0	_gnutls_write_uint32(num, tmpstr + 1);
458
459	0	if (tmpstr[1] > SCHAR_MAX) {
460	0	result = asn1_write_value(node, value, tmpstr, 5);
461	0	} else {
462	0	result = asn1_write_value(node, value, tmpstr + 1, 4);
463	0	}
464
465	0	if (result != ASN1_SUCCESS) {
466	0	gnutls_assert();
467	0	return _gnutls_asn2err(result);
468	0	}
469
470	0	return 0;
471	0	}