author | jsing <> | 2022-05-09 19:19:33 +0000 |
---|---|---|
committer | jsing <> | 2022-05-09 19:19:33 +0000 |
commit | 295acdc1d1b92f8bf9f9e729590d5598c3bd0333 (patch) | |
tree | 44e4aa3383529610dcee9721a51440056792b424 /src/lib/libcrypto/asn1 | |
parent | 8cd405b40cda8503a806224763bb295465187159 (diff) | |
Simplify X509_ATTRIBUTE ASN.1 encoding.
For some unknown historical reason, X509_ATTRIBUTE allows for a single
ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF.
Simplify encoding and remove support for single values - this is similar
to OpenSSL e20b57270dec.
This removes the last use of COMBINE in the ASN.1 decoder.
ok tb@
Diffstat (limited to 'src/lib/libcrypto/asn1')
-rw-r--r-- | src/lib/libcrypto/asn1/t_req.c | 21 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/x_attrib.c | 60 |
2 files changed, 17 insertions, 64 deletions
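diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
index cc9da46439..4b27a4ddbe 100644
--- a/src/lib/libcrypto/asn1/t_req.c
+++ b/src/lib/libcrypto/asn1/t_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t_req.c,v 1.21 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: t_req.c,v 1.22 2022/05/09 19:19:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -176,7 +176,6 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 ASN1_TYPE *at;
 X509_ATTRIBUTE *a;
 ASN1_BIT_STRING *bs = NULL;
-ASN1_TYPE *t;
 int j, type = 0, count = 1, ii = 0;
 
 a = sk_X509_ATTRIBUTE_value(sk, i);
@@ -186,20 +185,12 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 if (BIO_printf(bp, "%12s", "") <= 0)
 goto err;
 if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) {
-if (a->single) {
-t = a->value.single;
-type = t->type;
-bs = t->value.bit_string;
-} else {
-ii = 0;
-count = sk_ASN1_TYPE_num(
-a->value.set);
+ii = 0;
+count = sk_ASN1_TYPE_num(a->set);
 get_next:
-at = sk_ASN1_TYPE_value(
-a->value.set, ii);
-type = at->type;
-bs = at->value.asn1_string;
-}
+at = sk_ASN1_TYPE_value(a->set, ii);
+type = at->type;
+bs = at->value.asn1_string;
 }
 for (j = 25 - j; j > 0; j--)
 if (BIO_write(bp, " ", 1) != 1)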
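Review bot: `at` is dereferenced without a NULL check in the rewritten lines after `get_next:`. If a decoded attribute carries an empty SET OF, `sk_ASN1_TYPE_num(a->set)` is 0 and `sk_ASN1_TYPE_value(a->set, ii)` presumably returns NULL, so `type = at->type;` would crash while printing a request that may come from an untrusted party. The removed else-branch had the same shape, so this is not introduced here, but with the set now the only path it is worth guarding: `if ((at = sk_ASN1_TYPE_value(a->set, ii)) == NULL)` followed by `goto err;`. The body of X509_REQ_print_ex starts and ends outside the hunk, so a check elsewhere cannot be ruled out from this view.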
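diff --git a/src/lib/libcrypto/asn1/x_attrib.c b/src/lib/libcrypto/asn1/x_attrib.c
index 47b5afd95d..e8822a33a5 100644
--- a/src/lib/libcrypto/asn1/x_attrib.c
+++ b/src/lib/libcrypto/asn1/x_attrib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_attrib.c,v 1.16 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: x_attrib.c,v 1.17 2022/05/09 19:19:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -64,48 +64,14 @@
 
 #include "x509_lcl.h"
 
-/* X509_ATTRIBUTE: this has the following form:
-*
-* typedef struct x509_attributes_st
-* {
-* ASN1_OBJECT *object;
-* int single;
-* union {
-* char *ptr;
-* STACK_OF(ASN1_TYPE) *set;
-* ASN1_TYPE *single;
-* } value;
-* } X509_ATTRIBUTE;
-*
-* this needs some extra thought because the CHOICE type is
-* merged with the main structure and because the value can
-* be anything at all we *must* try the SET OF first because
-* the ASN1_ANY type will swallow anything including the whole
-* SET OF structure.
+/*
+* XXX - remove X509_ATTRIBUTE_SET_it with next major bump.
 */
-
-static const ASN1_TEMPLATE X509_ATTRIBUTE_SET_ch_tt[] = {
-{
-.flags = ASN1_TFLG_SET_OF,
-.tag = 0,
-.offset = offsetof(X509_ATTRIBUTE, value.set),
-.field_name = "value.set",
-.item = &ASN1_ANY_it,
-},
-{
-.flags = 0,
-.tag = 0,
-.offset = offsetof(X509_ATTRIBUTE, value.single),
-.field_name = "value.single",
-.item = &ASN1_ANY_it,
-},
-};
-
 const ASN1_ITEM X509_ATTRIBUTE_SET_it = {
 .itype = ASN1_ITYPE_CHOICE,
-.utype = offsetof(X509_ATTRIBUTE, single),
-.templates = X509_ATTRIBUTE_SET_ch_tt,
-.tcount = sizeof(X509_ATTRIBUTE_SET_ch_tt) / sizeof(ASN1_TEMPLATE),
+.utype = 0,
+.templates = NULL,
+.tcount = 0,
 .funcs = NULL,
 .size = sizeof(X509_ATTRIBUTE),
 .sname = "X509_ATTRIBUTE",
@@ -119,13 +85,12 @@ static const ASN1_TEMPLATE X509_ATTRIBUTE_seq_tt[] = {
 .field_name = "object",
 .item = &ASN1_OBJECT_it,
 },
-/* CHOICE type merged with parent */
 {
-.flags = 0 | ASN1_TFLG_COMBINE,
+.flags = ASN1_TFLG_SET_OF,
 .tag = 0,
-.offset = 0,
-.field_name = NULL,
-.item = &X509_ATTRIBUTE_SET_it,
+.offset = offsetof(X509_ATTRIBUTE, set),
+.field_name = "set",
+.item = &ASN1_ANY_it,
 },
 };
 
@@ -183,12 +148,9 @@ X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 if ((ret = X509_ATTRIBUTE_new()) == NULL)
 return (NULL);
 ret->object = oid;
-ret->single = 0;
-if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
-goto err;
 if ((val = ASN1_TYPE_new()) == NULL)
 goto err;
-if (!sk_ASN1_TYPE_push(ret->value.set, val))
+if (!sk_ASN1_TYPE_push(ret->set, val))
 goto err;
 
 ASN1_TYPE_set(val, atrtype, value);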
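Review bot: In the last hunk, X509_ATTRIBUTE_create no longer allocates the stack itself, so `sk_ASN1_TYPE_push(ret->set, val)` now relies on X509_ATTRIBUTE_new() having created `ret->set`, presumably through the new SET OF template entry. Nothing in the visible lines states that dependency. If `ret->set` were NULL the push would most likely fail and take `goto err`, so the path looks fail-closed, but the assumption deserves a comment above the push, such as `/* ret->set is allocated by X509_ATTRIBUTE_new() via the SET OF template. */`. The function starts and ends outside the hunk, so the `err` path and the ownership of `val` on failure cannot be checked from here.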