mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Refactor the provider side DER constants and writers

Browse Source 
This splits up all the providers/common/der/*.c.in so the generated
portion is on its own and all related DER writing routines are in
their own files.  This also ensures that the DIGEST consstants aren't
reproduced in several files (resulting in symbol clashes).

Finally, the production of OID macros is moved to the generated header
files, allowing other similar macros, or DER constant arrays, to be
built on top of them.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11868)
This commit is contained in:
Richard Levitte 2020-05-19 10:43:49 +02:00
parent c2f2db9b6f
commit a30027b680
20 changed files with 224 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
providers/common/der/DIGESTS.asn1
View File

@ -1,5 +1,22 @@
-- -------------------------------------------------------------------
-- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
-- From https://tools.ietf.org/html/rfc4055#section-2.1
id-sha1 OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) oiw(14)
secsig(3) algorithms(2) 26 }
-- -------------------------------------------------------------------
-- From https://tools.ietf.org/html/rfc5480#appendix-A
-- (OIDs for MD2 and MD5 are allowed only in EMSA-PKCS1-v1_5)
id-md2 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 }
id-md5 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 }
-- -------------------------------------------------------------------
-- From https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }
id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }

19
providers/common/der/RSA.asn1
View File

@ -52,25 +52,6 @@ sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 }
sha512-224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 15 }
sha512-256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 16 }
--
-- This OID really belongs in a module with the secsig OIDs.
--
id-sha1 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2)
26
}
--
-- OIDs for MD2 and MD5, allowed only in EMSA-PKCS1-v1_5.
--
id-md2 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2
}
id-md5 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5
}
--
-- When id-mgf1 is used in an AlgorithmIdentifier, the parameters
-- MUST be present and MUST be a HashAlgorithm, for example, sha1.

30
providers/common/der/build.info
View File

@ -1,32 +1,36 @@
$FIPSABLE=der_rsa.c der_dsa.c der_ec.c der_digests.c
$FIPSABLE=\
der_rsa_gen.c der_rsa_key.c der_rsa_sig.c \
der_dsa_gen.c der_dsa_key.c der_dsa_sig.c \
der_ec_gen.c der_ec_key.c der_ec_sig.c \
der_digests_gen.c
SOURCE[../../libfips.a]=$FIPSABLE
SOURCE[../../libnonfips.a]=$FIPSABLE
GENERATE[der_rsa.c]=der_rsa.c.in
DEPEND[der_rsa.c]=oids_to_c.pm
GENERATE[der_rsa_gen.c]=der_rsa_gen.c.in
DEPEND[der_rsa_gen.c]=oids_to_c.pm
DEPEND[der_rsa.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h
DEPEND[der_rsa_gen.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h
GENERATE[../include/prov/der_rsa.h]=der_rsa.h.in
DEPEND[../include/prov/der_rsa.h]=oids_to_c.pm
GENERATE[der_dsa.c]=der_dsa.c.in
DEPEND[der_dsa.c]=oids_to_c.pm
GENERATE[der_dsa_gen.c]=der_dsa_gen.c.in
DEPEND[der_dsa_gen.c]=oids_to_c.pm
DEPEND[der_dsa.o]=../include/prov/der_dsa.h
DEPEND[der_dsa_gen.o]=../include/prov/der_dsa.h
GENERATE[../include/prov/der_dsa.h]=der_dsa.h.in
DEPEND[../include/prov/der_dsa.h]=oids_to_c.pm
GENERATE[der_ec.c]=der_ec.c.in
DEPEND[der_ec.c]=oids_to_c.pm
GENERATE[der_ec_gen.c]=der_ec_gen.c.in
DEPEND[der_ec_gen.c]=oids_to_c.pm
DEPEND[der_ec.o]=../include/prov/der_ec.h
DEPEND[der_ec_gen.o]=../include/prov/der_ec.h
GENERATE[../include/prov/der_ec.h]=der_ec.h.in
DEPEND[../include/prov/der_ec.h]=oids_to_c.pm
GENERATE[der_digests.c]=der_digests.c.in
DEPEND[der_digests.c]=oids_to_c.pm
GENERATE[der_digests_gen.c]=der_digests_gen.c.in
DEPEND[der_digests_gen.c]=oids_to_c.pm
DEPEND[der_digests.o]=../include/prov/der_digests.h
DEPEND[der_digests_gen.o]=../include/prov/der_digests.h
GENERATE[../include/prov/der_digests.h]=der_digests.h.in
DEPEND[../include/prov/der_digests.h]=oids_to_c.pm

0
providers/common/der/der_digests.c.in → providers/common/der/der_digests_gen.c.in
View File

6
providers/common/der/der_dsa.h.in
View File

@ -16,6 +16,8 @@
filter => \&oids_to_c::filter_to_H });
-}
/* Subject Public Key Info */
int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa);
int DER_w_algorithmIdentifier_DSA_with(WPACKET *pkt, int tag,
DSA *dsa, int mdnid);
/* Signature */
int DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag,
DSA *dsa, int mdnid);

17
providers/common/der/der_dsa_gen.c.in Normal file
View File

@ -0,0 +1,17 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_dsa.h"
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_C });
-}

20
providers/common/der/der_dsa_key.c Normal file
View File

@ -0,0 +1,20 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/obj_mac.h>
#include "internal/packet.h"
#include "prov/der_dsa.h"
int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa)
{
return DER_w_begin_sequence(pkt, tag)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, der_oid_id_dsa, sizeof(der_oid_id_dsa))
&& DER_w_end_sequence(pkt, tag);
}

21
providers/common/der/der_dsa.c.in → providers/common/der/der_dsa_sig.c
View File

@ -7,33 +7,18 @@
* https://www.openssl.org/source/license.html
*/
#include <openssl/bn.h>
#include <openssl/obj_mac.h>
#include "internal/packet.h"
#include "prov/der_dsa.h"
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_C });
-}
int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa)
{
return DER_w_begin_sequence(pkt, tag)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, der_oid_id_dsa, sizeof(der_oid_id_dsa))
&& DER_w_end_sequence(pkt, tag);
}
#define MD_CASE(name) \
case NID_##name: \
precompiled = der_oid_id_dsa_with_##name; \
precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \
break;
int DER_w_algorithmIdentifier_DSA_with(WPACKET *pkt, int tag,
DSA *dsa, int mdnid)
int DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag,
DSA *dsa, int mdnid)
{
const unsigned char *precompiled = NULL;
size_t precompiled_sz = 0;

6
providers/common/der/der_ec.h.in
View File

@ -16,6 +16,8 @@
filter => \&oids_to_c::filter_to_H });
-}
/* Subject Public Key Info */
int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec);
int DER_w_algorithmIdentifier_ECDSA_with(WPACKET *pkt, int cont,
EC_KEY *ec, int mdnid);
/* Signature */
int DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont,
EC_KEY *ec, int mdnid);

17
providers/common/der/der_ec_gen.c.in Normal file
View File

@ -0,0 +1,17 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_ec.h"
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_C });
-}

21
providers/common/der/der_ec_key.c Normal file
View File

@ -0,0 +1,21 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/obj_mac.h>
#include "internal/packet.h"
#include "prov/der_ec.h"
int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec)
{
return DER_w_begin_sequence(pkt, cont)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey,
sizeof(der_oid_id_ecPublicKey))
&& DER_w_end_sequence(pkt, cont);
}

22
providers/common/der/der_ec.c.in → providers/common/der/der_ec_sig.c
View File

@ -7,26 +7,10 @@
* https://www.openssl.org/source/license.html
*/
#include <openssl/bn.h>
#include <openssl/obj_mac.h>
#include "internal/packet.h"
#include "prov/der_ec.h"
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_C });
-}
int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec)
{
return DER_w_begin_sequence(pkt, cont)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey,
sizeof(der_oid_id_ecPublicKey))
&& DER_w_end_sequence(pkt, cont);
}
/* Aliases so we can have a uniform MD_CASE */
#define der_oid_id_ecdsa_with_sha1 der_oid_ecdsa_with_SHA1
#define der_oid_id_ecdsa_with_sha224 der_oid_ecdsa_with_SHA224
@ -40,8 +24,8 @@ int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec)
precompiled_sz = sizeof(der_oid_id_ecdsa_with_##name); \
break;
int DER_w_algorithmIdentifier_ECDSA_with(WPACKET *pkt, int cont,
EC_KEY *ec, int mdnid)
int DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont,
EC_KEY *ec, int mdnid)
{
const unsigned char *precompiled = NULL;
size_t precompiled_sz = 0;

8
providers/common/der/der_rsa.h.in
View File

@ -13,14 +13,16 @@
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
'providers/common/der/DIGESTS.asn1',
'providers/common/der/RSA.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_H });
-}
/* PSS parameters */
int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag,
const RSA_PSS_PARAMS_30 *pss);
/* Subject Public Key Info */
int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa);
int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag,
RSA *rsa, int mdnid);
/* Signature */
int DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag,
RSA *rsa, int mdnid);

18
providers/common/der/der_rsa_gen.c.in Normal file
View File

@ -0,0 +1,18 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_rsa.h"
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
'providers/common/der/RSA.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_C });
-}

61
providers/common/der/der_rsa.c.in → providers/common/der/der_rsa_key.c
View File

@ -7,21 +7,11 @@
* https://www.openssl.org/source/license.html
*/
#include <openssl/bn.h>
#include <openssl/obj_mac.h>
#include "internal/cryptlib.h"
#include "prov/der_rsa.h"
#include "prov/der_digests.h"
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
'providers/common/der/DIGESTS.asn1',
'providers/common/der/RSA.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_C });
-}
/* More complex pre-compiled sequences. TODO(3.0) refactor? */
/*-
* From https://tools.ietf.org/html/rfc8017#appendix-A.2.1
@ -382,54 +372,3 @@ int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa)
&& DER_w_precompiled(pkt, -1, rsa_oid, rsa_oid_sz)
&& DER_w_end_sequence(pkt, tag);
}
/* Aliases so we can have a uniform MD_with_RSA_CASE */
#define der_oid_sha3_224WithRSAEncryption \
der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224
#define der_oid_sha3_256WithRSAEncryption \
der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256
#define der_oid_sha3_384WithRSAEncryption \
der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384
#define der_oid_sha3_512WithRSAEncryption \
der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512
#define MD_with_RSA_CASE(name, var) \
case NID_##name: \
var = der_oid_##name##WithRSAEncryption; \
var##_sz = sizeof(der_oid_##name##WithRSAEncryption); \
break;
int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag,
RSA *rsa, int mdnid)
{
const unsigned char *precompiled = NULL;
size_t precompiled_sz = 0;
switch (mdnid) {
#ifndef FIPS_MODULE
MD_with_RSA_CASE(md2, precompiled);
MD_with_RSA_CASE(md5, precompiled);
MD_with_RSA_CASE(md4, precompiled);
MD_with_RSA_CASE(ripemd160, precompiled);
/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */
#endif
MD_with_RSA_CASE(sha1, precompiled);
MD_with_RSA_CASE(sha224, precompiled);
MD_with_RSA_CASE(sha256, precompiled);
MD_with_RSA_CASE(sha384, precompiled);
MD_with_RSA_CASE(sha512, precompiled);
MD_with_RSA_CASE(sha512_224, precompiled);
MD_with_RSA_CASE(sha512_256, precompiled);
MD_with_RSA_CASE(sha3_224, precompiled);
MD_with_RSA_CASE(sha3_256, precompiled);
MD_with_RSA_CASE(sha3_384, precompiled);
MD_with_RSA_CASE(sha3_512, precompiled);
default:
return 0;
}
return DER_w_begin_sequence(pkt, tag)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, precompiled, precompiled_sz)
&& DER_w_end_sequence(pkt, tag);
}

64
providers/common/der/der_rsa_sig.c Normal file
View File

@ -0,0 +1,64 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/obj_mac.h>
#include "internal/packet.h"
#include "prov/der_rsa.h"
#include "prov/der_digests.h"
/* Aliases so we can have a uniform MD_with_RSA_CASE */
#define der_oid_sha3_224WithRSAEncryption \
der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224
#define der_oid_sha3_256WithRSAEncryption \
der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256
#define der_oid_sha3_384WithRSAEncryption \
der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384
#define der_oid_sha3_512WithRSAEncryption \
der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512
#define MD_with_RSA_CASE(name, var) \
case NID_##name: \
var = der_oid_##name##WithRSAEncryption; \
var##_sz = sizeof(der_oid_##name##WithRSAEncryption); \
break;
int DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag,
RSA *rsa, int mdnid)
{
const unsigned char *precompiled = NULL;
size_t precompiled_sz = 0;
switch (mdnid) {
#ifndef FIPS_MODULE
MD_with_RSA_CASE(md2, precompiled);
MD_with_RSA_CASE(md5, precompiled);
MD_with_RSA_CASE(md4, precompiled);
MD_with_RSA_CASE(ripemd160, precompiled);
/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */
#endif
MD_with_RSA_CASE(sha1, precompiled);
MD_with_RSA_CASE(sha224, precompiled);
MD_with_RSA_CASE(sha256, precompiled);
MD_with_RSA_CASE(sha384, precompiled);
MD_with_RSA_CASE(sha512, precompiled);
MD_with_RSA_CASE(sha512_224, precompiled);
MD_with_RSA_CASE(sha512_256, precompiled);
MD_with_RSA_CASE(sha3_224, precompiled);
MD_with_RSA_CASE(sha3_256, precompiled);
MD_with_RSA_CASE(sha3_384, precompiled);
MD_with_RSA_CASE(sha3_512, precompiled);
default:
return 0;
}
return DER_w_begin_sequence(pkt, tag)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, precompiled, precompiled_sz)
&& DER_w_end_sequence(pkt, tag);
}

12
providers/common/der/oids_to_c.pm
View File

@ -28,12 +28,19 @@ use Data::Dumper;
sub filter_to_H {
my ($name, $comment) = @{ shift() };
my @oid_nums = @_;
my $oid_size = scalar @oid_nums;
(my $C_comment = $comment) =~ s|^| * |msg;
$C_comment = "\n/*\n${C_comment}\n */" if $C_comment ne '';
(my $C_name = $name) =~ s|-|_|g;
my $C_bytes_size = 2 + scalar @_;
my $C_bytes = join(', ', map { sprintf("0x%02X", $_) } @oid_nums );
return <<"_____";
extern const unsigned char der_oid_${C_name}[$C_bytes_size];
$C_comment
#define DER_OID_V_${C_name} DER_P_OBJECT, $oid_size, ${C_bytes}
#define DER_OID_SZ_${C_name} ${C_bytes_size}
extern const unsigned char der_oid_${C_name}[DER_OID_SZ_${C_name}];
_____
}
@ -48,12 +55,9 @@ sub filter_to_C {
$C_comment = "\n/*\n${C_comment}\n */" if $C_comment ne '';
(my $C_name = $name) =~ s|-|_|g;
my $C_bytes_size = 2 + $oid_size;
my $C_bytes = join(', ', map { sprintf("0x%02X", $_) } @oid_nums );
return <<"_____";
$C_comment
#define DER_OID_V_${C_name} DER_P_OBJECT, $oid_size, ${C_bytes}
#define DER_OID_SZ_${C_name} ${C_bytes_size}
const unsigned char der_oid_${C_name}[DER_OID_SZ_${C_name}] = {
DER_OID_V_${C_name}
};

3
providers/implementations/signature/dsa.c
View File

@ -177,7 +177,8 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
*/
ctx->aid_len = 0;
if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
&& DER_w_algorithmIdentifier_DSA_with(&pkt, -1, ctx->dsa, md_nid)
&& DER_w_algorithmIdentifier_DSA_with_MD(&pkt, -1, ctx->dsa,
md_nid)
&& WPACKET_finish(&pkt)) {
WPACKET_get_total_written(&pkt, &ctx->aid_len);
ctx->aid = WPACKET_get_curr(&pkt);

2
providers/implementations/signature/ecdsa.c
View File

@ -238,7 +238,7 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname,
*/
ctx->aid_len = 0;
if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
&& DER_w_algorithmIdentifier_ECDSA_with(&pkt, -1, ctx->ec, md_nid)
&& DER_w_algorithmIdentifier_ECDSA_with_MD(&pkt, -1, ctx->ec, md_nid)
&& WPACKET_finish(&pkt)) {
WPACKET_get_total_written(&pkt, &ctx->aid_len);
ctx->aid = WPACKET_get_curr(&pkt);

3
providers/implementations/signature/rsa.c
View File

@ -254,7 +254,8 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
*/
ctx->aid_len = 0;
if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
&& DER_w_algorithmIdentifier_RSA_with(&pkt, -1, ctx->rsa, md_nid)
&& DER_w_algorithmIdentifier_MDWithRSAEncryption(&pkt, -1, ctx->rsa,
md_nid)
&& WPACKET_finish(&pkt)) {
WPACKET_get_total_written(&pkt, &ctx->aid_len);
ctx->aid = WPACKET_get_curr(&pkt);