WPACKET: don't write DER length when we don't want to

With endfirst writing, it could be that we want to abandon any zero length sub-packet. That's what WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH was supposed to make happen, but the DER length writing code didn't look at that flag. Now it does. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11703)
2025-04-26 17:54:37 +00:00 · 2020-05-01 18:06:18 +02:00 · 2020-05-01 18:06:18 +02:00 · 12cbb8e049
commit 12cbb8e049
parent 200e5ee5a4
2 changed files with 13 additions and 1 deletions
--- a/crypto/packet.c
+++ b/crypto/packet.c
@ -265,7 +265,10 @@ static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose)
                && !put_value(&buf[sub->packet_len], packlen,
                              sub->lenbytes))
            return 0;
-    } else if (pkt->endfirst && sub->parent != NULL) {
+    } else if (pkt->endfirst && sub->parent != NULL
+               && (packlen != 0
+                   || (sub->flags
+                       & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) == 0)) {
        size_t tmplen = packlen;
        size_t numlenbytes = 1;

--- a/test/wpackettest.c
+++ b/test/wpackettest.c
@ -360,6 +360,8 @@ static int test_WPACKET_init_der(void)
    unsigned char testdata[] = { 0x00, 0x01, 0x02, 0x03 };
    unsigned char testdata2[259]  = { 0x82, 0x01, 0x00 };
    size_t written[2];
+    size_t size1, size2;
+    int flags = WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH;
    int i;

    /* Test initialising for writing DER */
@ -370,6 +372,13 @@ static int test_WPACKET_init_der(void)
            || !TEST_true(WPACKET_memcpy(&pkt, testdata, sizeof(testdata)))
            || !TEST_true(WPACKET_close(&pkt))
            || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xfc))
+            /* this sub-packet is empty, and should render zero bytes */
+            || (!TEST_true(WPACKET_start_sub_packet(&pkt))
+                || !TEST_true(WPACKET_set_flags(&pkt, flags))
+                || !TEST_true(WPACKET_get_total_written(&pkt, &size1))
+                || !TEST_true(WPACKET_close(&pkt))
+                || !TEST_true(WPACKET_get_total_written(&pkt, &size2))
+                || !TEST_size_t_eq(size1, size2))
            || !TEST_true(WPACKET_finish(&pkt))
            || !TEST_true(WPACKET_get_total_written(&pkt, &written[0]))
            || !TEST_mem_eq(WPACKET_get_curr(&pkt), written[0], simpleder,