TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / fde42701861f55befe62e7382a5fccb199dea6c5 / . / library / x509write.c
blob: adeb55123887092c4fa2bd2dfe9f116c16d11d16 [file] [log] [blame]
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]1/*
2 * X509 buffer writing functionality
3 *
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]4 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#include "polarssl/config.h"
27
28#if defined(POLARSSL_X509_WRITE_C)
29
30#include "polarssl/asn1write.h"
31#include "polarssl/x509write.h"
32#include "polarssl/x509.h"
Paul Bakkerc70b9822013-04-07 22:00:46 +0200[diff] [blame]33#include "polarssl/md.h"
34#include "polarssl/oid.h"
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]35
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]36#if defined(POLARSSL_MEMORY_C)
37#include "polarssl/memory.h"
38#else
39#include <stdlib.h>
40#define polarssl_malloc malloc
41#define polarssl_free free
42#endif
43
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]44void x509write_csr_init( x509_csr *ctx )
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]45{
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]46 memset( ctx, 0, sizeof(x509_csr) );
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]47}
48
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]49void x509write_csr_free( x509_csr *ctx )
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]50{
51 x509_req_name *cur;
52
53 while( ( cur = ctx->subject ) != NULL )
54 {
55 ctx->subject = cur->next;
56 polarssl_free( cur );
57 }
58
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]59 memset( ctx, 0, sizeof(x509_csr) );
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]60}
61
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]62void x509write_csr_set_md_alg( x509_csr *ctx, md_type_t md_alg )
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]63{
64 ctx->md_alg = md_alg;
65}
66
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]67void x509write_csr_set_rsa_key( x509_csr *ctx, rsa_context *rsa )
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]68{
69 ctx->rsa = rsa;
70}
71
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]72int x509write_csr_set_subject_name( x509_csr *ctx, char *subject_name )
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]73{
74 int ret = 0;
75 char *s = subject_name, *c = s;
76 char *end = s + strlen( s );
77 char *oid = NULL;
78 int in_tag = 1;
Paul Bakker21307962013-08-25 10:33:27 +0200[diff] [blame]79 x509_req_name *cur;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]80
81 while( ctx->subject )
82 {
83 cur = ctx->subject;
84 ctx->subject = ctx->subject->next;
85 polarssl_free( cur );
86 }
87
88 while( c <= end )
89 {
90 if( in_tag && *c == '=' )
91 {
92 if( memcmp( s, "CN", 2 ) == 0 && c - s == 2 )
93 oid = OID_AT_CN;
94 else if( memcmp( s, "C", 1 ) == 0 && c - s == 1 )
95 oid = OID_AT_COUNTRY;
96 else if( memcmp( s, "O", 1 ) == 0 && c - s == 1 )
97 oid = OID_AT_ORGANIZATION;
98 else if( memcmp( s, "L", 1 ) == 0 && c - s == 1 )
99 oid = OID_AT_LOCALITY;
100 else if( memcmp( s, "R", 1 ) == 0 && c - s == 1 )
101 oid = OID_PKCS9_EMAIL;
102 else if( memcmp( s, "OU", 2 ) == 0 && c - s == 2 )
103 oid = OID_AT_ORG_UNIT;
104 else if( memcmp( s, "ST", 2 ) == 0 && c - s == 2 )
105 oid = OID_AT_STATE;
106 else
107 {
Paul Bakker0e06c0f2013-08-25 11:21:30 +0200[diff] [blame]108 ret = POLARSSL_ERR_X509WRITE_UNKNOWN_OID;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]109 goto exit;
110 }
111
112 s = c + 1;
113 in_tag = 0;
114 }
115
116 if( !in_tag && ( *c == ',' || c == end ) )
117 {
118 if( c - s > 127 )
119 {
Paul Bakker0e06c0f2013-08-25 11:21:30 +0200[diff] [blame]120 ret = POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]121 goto exit;
122 }
123
Paul Bakker21307962013-08-25 10:33:27 +0200[diff] [blame]124 cur = polarssl_malloc( sizeof(x509_req_name) );
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]125
126 if( cur == NULL )
127 {
Paul Bakker0e06c0f2013-08-25 11:21:30 +0200[diff] [blame]128 ret = POLARSSL_ERR_X509WRITE_MALLOC_FAILED;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]129 goto exit;
130 }
131
132 memset( cur, 0, sizeof(x509_req_name) );
133
Paul Bakker21307962013-08-25 10:33:27 +0200[diff] [blame]134 cur->next = ctx->subject;
135 ctx->subject = cur;
136
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]137 strncpy( cur->oid, oid, strlen( oid ) );
138 strncpy( cur->name, s, c - s );
139
140 s = c + 1;
141 in_tag = 1;
142 }
143 c++;
144 }
145
146exit:
147
148 return( ret );
149}
150
Paul Bakkerfde42702013-08-25 14:47:27 +0200[diff] [blame^]151void x509write_csr_set_key_usage( x509_csr *ctx, unsigned char key_usage )
152{
153 ctx->key_usage = key_usage;
154}
155
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]156int x509write_pubkey_der( rsa_context *rsa, unsigned char *buf, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]157{
158 int ret;
159 unsigned char *c;
160 size_t len = 0;
161
162 c = buf + size - 1;
163
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]164 /*
165 * RSAPublicKey ::= SEQUENCE {
166 * modulus INTEGER, -- n
167 * publicExponent INTEGER -- e
168 * }
169 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]170 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
171 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
172
173 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
174 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
175
176 if( c - buf < 1 )
177 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
178
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]179 /*
180 * SubjectPublicKeyInfo ::= SEQUENCE {
181 * algorithm AlgorithmIdentifier,
182 * subjectPublicKey BIT STRING }
183 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]184 *--c = 0;
185 len += 1;
186
187 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
188 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) );
189
190 ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, buf, OID_PKCS1_RSA ) );
191
192 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
193 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
194
195 return( len );
196}
197
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]198int x509write_key_der( rsa_context *rsa, unsigned char *buf, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]199{
200 int ret;
201 unsigned char *c;
202 size_t len = 0;
203
204 c = buf + size - 1;
205
206 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->QP ) );
207 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DQ ) );
208 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DP ) );
209 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->Q ) );
210 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->P ) );
211 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->D ) );
212 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
213 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
214 ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 0 ) );
215
216 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
217 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
218
219 // TODO: Make NON RSA Specific variant later on
220/* *--c = 0;
221 len += 1;
222
223 len += asn1_write_len( &c, len);
224 len += asn1_write_tag( &c, ASN1_BIT_STRING );
225
226 len += asn1_write_oid( &c, OID_PKCS1_RSA );
227
228 len += asn1_write_int( &c, 0 );
229
230 len += asn1_write_len( &c, len);
231 len += asn1_write_tag( &c, ASN1_CONSTRUCTED | ASN1_SEQUENCE );*/
232
233/* for(i = 0; i < len; ++i)
234 {
235 if (i % 16 == 0 ) printf("\n");
236 printf("%02x ", c[i]);
237 }
238 printf("\n");*/
239
240 return( len );
241}
242
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]243static int x509_write_name( unsigned char **p, unsigned char *start, char *oid,
244 char *name )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]245{
246 int ret;
247 size_t string_len = 0;
248 size_t oid_len = 0;
249 size_t len = 0;
250
Paul Bakker05888152012-02-16 10:26:57 +0000[diff] [blame]251 // Write PrintableString for all except OID_PKCS9_EMAIL
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]252 //
Paul Bakker05888152012-02-16 10:26:57 +0000[diff] [blame]253 if( OID_SIZE( OID_PKCS9_EMAIL ) == strlen( oid ) &&
254 memcmp( oid, OID_PKCS9_EMAIL, strlen( oid ) ) == 0 )
255 {
256 ASN1_CHK_ADD( string_len, asn1_write_ia5_string( p, start, name ) );
257 }
258 else
259 ASN1_CHK_ADD( string_len, asn1_write_printable_string( p, start, name ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]260
261 // Write OID
262 //
263 ASN1_CHK_ADD( oid_len, asn1_write_oid( p, start, oid ) );
264
265 len = oid_len + string_len;
266 ASN1_CHK_ADD( len, asn1_write_len( p, start, oid_len + string_len ) );
267 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
268
269 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
270 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SET ) );
271
272 return( len );
273}
274
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]275static int x509_write_sig( unsigned char **p, unsigned char *start,
276 const char *oid, unsigned char *sig, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]277{
278 int ret;
279 size_t len = 0;
280
281 if( *p - start < (int) size + 1 )
282 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
283
284 len = size;
285 (*p) -= len;
286 memcpy( *p, sig, len );
287
288 *--(*p) = 0;
289 len += 1;
290
291 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
292 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BIT_STRING ) );
293
294 // Write OID
295 //
296 ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( p, start, oid ) );
297
298 return( len );
299}
300
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]301int x509write_csr_der( x509_csr *ctx, unsigned char *buf, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]302{
303 int ret;
Paul Bakkerc70b9822013-04-07 22:00:46 +0200[diff] [blame]304 const char *sig_oid;
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]305 unsigned char *c, *c2;
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]306 unsigned char hash[64];
307 unsigned char sig[POLARSSL_MPI_MAX_SIZE];
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]308 unsigned char tmp_buf[2048];
Paul Bakkerfde42702013-08-25 14:47:27 +0200[diff] [blame^]309 size_t sub_len = 0, pub_len = 0, sig_len = 0, ext_len = 0;
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]310 size_t len = 0;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]311 x509_req_name *cur = ctx->subject;
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]312
313 c = tmp_buf + 2048 - 1;
314
Paul Bakkerfde42702013-08-25 14:47:27 +0200[diff] [blame^]315 /*
316 * Extension ::= SEQUENCE {
317 * extnID OBJECT IDENTIFIER,
318 * extnValue OCTET STRING }
319 */
320 if( ctx->key_usage )
321 {
322 ASN1_CHK_ADD( ext_len, asn1_write_bitstring( &c, tmp_buf, &ctx->key_usage, 6 ) );
323 ASN1_CHK_ADD( ext_len, asn1_write_len( &c, tmp_buf, ext_len ) );
324 ASN1_CHK_ADD( ext_len, asn1_write_tag( &c, tmp_buf, ASN1_OCTET_STRING ) );
325 ASN1_CHK_ADD( ext_len, asn1_write_oid( &c, tmp_buf, OID_KEY_USAGE ) );
326 ASN1_CHK_ADD( ext_len, asn1_write_len( &c, tmp_buf, ext_len ) );
327 ASN1_CHK_ADD( ext_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
328 }
329
330 if( ext_len )
331 {
332 ASN1_CHK_ADD( ext_len, asn1_write_len( &c, tmp_buf, ext_len ) );
333 ASN1_CHK_ADD( ext_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
334
335 ASN1_CHK_ADD( ext_len, asn1_write_len( &c, tmp_buf, ext_len ) );
336 ASN1_CHK_ADD( ext_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SET ) );
337
338 ASN1_CHK_ADD( ext_len, asn1_write_oid( &c, tmp_buf, OID_PKCS9_CSR_EXT_REQ ) );
339
340 ASN1_CHK_ADD( ext_len, asn1_write_len( &c, tmp_buf, ext_len ) );
341 ASN1_CHK_ADD( ext_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
342 }
343
344 len += ext_len;
345 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, ext_len ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]346 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) );
347
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]348 ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->rsa->E ) );
349 ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->rsa->N ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]350
351 ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
352 ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
353
354 if( c - tmp_buf < 1 )
355 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
356
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]357 /*
358 * AlgorithmIdentifier ::= SEQUENCE {
359 * algorithm OBJECT IDENTIFIER,
360 * parameters ANY DEFINED BY algorithm OPTIONAL }
361 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]362 *--c = 0;
363 pub_len += 1;
364
365 ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
366 ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_BIT_STRING ) );
367
368 ASN1_CHK_ADD( pub_len, asn1_write_algorithm_identifier( &c, tmp_buf, OID_PKCS1_RSA ) );
369
370 len += pub_len;
371 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, pub_len ) );
372 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
373
374 while( cur != NULL )
375 {
376 ASN1_CHK_ADD( sub_len, x509_write_name( &c, tmp_buf, cur->oid, cur->name ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]377
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]378 cur = cur->next;
379 }
380
381 len += sub_len;
382 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
383 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
384
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]385 /*
386 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
387 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]388 ASN1_CHK_ADD( len, asn1_write_int( &c, tmp_buf, 0 ) );
389
390 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
391 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]392
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]393 md( md_info_from_type( ctx->md_alg ), c, len, hash );
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]394
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]395 rsa_pkcs1_sign( ctx->rsa, NULL, NULL, RSA_PRIVATE, ctx->md_alg, 0, hash, sig );
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]396
397 // Generate correct OID
398 //
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]399 ret = oid_get_oid_by_sig_alg( POLARSSL_PK_RSA, ctx->md_alg, &sig_oid );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]400
401 c2 = buf + size - 1;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]402 ASN1_CHK_ADD( sig_len, x509_write_sig( &c2, buf, sig_oid, sig, ctx->rsa->len ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]403
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]404 c2 -= len;
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]405 memcpy( c2, c, len );
406
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]407 len += sig_len;
408 ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) );
409 ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
410
411 return( len );
412}
413
414#endif