diff options
| author | jsing <> | 2022-05-09 19:19:33 +0000 |
|---|---|---|
| committer | jsing <> | 2022-05-09 19:19:33 +0000 |
| commit | 295acdc1d1b92f8bf9f9e729590d5598c3bd0333 (patch) | |
| tree | 44e4aa3383529610dcee9721a51440056792b424 /src/lib/libcrypto/asn1 | |
| parent | 8cd405b40cda8503a806224763bb295465187159 (diff) | |
| download | openbsd-295acdc1d1b92f8bf9f9e729590d5598c3bd0333.tar.gz openbsd-295acdc1d1b92f8bf9f9e729590d5598c3bd0333.tar.bz2 openbsd-295acdc1d1b92f8bf9f9e729590d5598c3bd0333.zip | |
Simplify X509_ATTRIBUTE ASN.1 encoding.
For some unknown historical reason, X509_ATTRIBUTE allows for a single
ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF.
Simplify encoding and remove support for single values - this is similar
to OpenSSL e20b57270dec.
This removes the last use of COMBINE in the ASN.1 decoder.
ok tb@
Diffstat (limited to 'src/lib/libcrypto/asn1')
| -rw-r--r-- | src/lib/libcrypto/asn1/t_req.c | 21 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/x_attrib.c | 60 |
2 files changed, 17 insertions, 64 deletions
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c index cc9da46439..4b27a4ddbe 100644 --- a/src/lib/libcrypto/asn1/t_req.c +++ b/src/lib/libcrypto/asn1/t_req.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t_req.c,v 1.21 2021/12/25 13:17:48 jsing Exp $ */ | 1 | /* $OpenBSD: t_req.c,v 1.22 2022/05/09 19:19:33 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -176,7 +176,6 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, | |||
| 176 | ASN1_TYPE *at; | 176 | ASN1_TYPE *at; |
| 177 | X509_ATTRIBUTE *a; | 177 | X509_ATTRIBUTE *a; |
| 178 | ASN1_BIT_STRING *bs = NULL; | 178 | ASN1_BIT_STRING *bs = NULL; |
| 179 | ASN1_TYPE *t; | ||
| 180 | int j, type = 0, count = 1, ii = 0; | 179 | int j, type = 0, count = 1, ii = 0; |
| 181 | 180 | ||
| 182 | a = sk_X509_ATTRIBUTE_value(sk, i); | 181 | a = sk_X509_ATTRIBUTE_value(sk, i); |
| @@ -186,20 +185,12 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, | |||
| 186 | if (BIO_printf(bp, "%12s", "") <= 0) | 185 | if (BIO_printf(bp, "%12s", "") <= 0) |
| 187 | goto err; | 186 | goto err; |
| 188 | if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) { | 187 | if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) { |
| 189 | if (a->single) { | 188 | ii = 0; |
| 190 | t = a->value.single; | 189 | count = sk_ASN1_TYPE_num(a->set); |
| 191 | type = t->type; | ||
| 192 | bs = t->value.bit_string; | ||
| 193 | } else { | ||
| 194 | ii = 0; | ||
| 195 | count = sk_ASN1_TYPE_num( | ||
| 196 | a->value.set); | ||
| 197 | get_next: | 190 | get_next: |
| 198 | at = sk_ASN1_TYPE_value( | 191 | at = sk_ASN1_TYPE_value(a->set, ii); |
| 199 | a->value.set, ii); | 192 | type = at->type; |
| 200 | type = at->type; | 193 | bs = at->value.asn1_string; |
| 201 | bs = at->value.asn1_string; | ||
| 202 | } | ||
| 203 | } | 194 | } |
| 204 | for (j = 25 - j; j > 0; j--) | 195 | for (j = 25 - j; j > 0; j--) |
| 205 | if (BIO_write(bp, " ", 1) != 1) | 196 | if (BIO_write(bp, " ", 1) != 1) |
diff --git a/src/lib/libcrypto/asn1/x_attrib.c b/src/lib/libcrypto/asn1/x_attrib.c index 47b5afd95d..e8822a33a5 100644 --- a/src/lib/libcrypto/asn1/x_attrib.c +++ b/src/lib/libcrypto/asn1/x_attrib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x_attrib.c,v 1.16 2021/12/25 13:17:48 jsing Exp $ */ | 1 | /* $OpenBSD: x_attrib.c,v 1.17 2022/05/09 19:19:33 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -64,48 +64,14 @@ | |||
| 64 | 64 | ||
| 65 | #include "x509_lcl.h" | 65 | #include "x509_lcl.h" |
| 66 | 66 | ||
| 67 | /* X509_ATTRIBUTE: this has the following form: | 67 | /* |
| 68 | * | 68 | * XXX - remove X509_ATTRIBUTE_SET_it with next major bump. |
| 69 | * typedef struct x509_attributes_st | ||
| 70 | * { | ||
| 71 | * ASN1_OBJECT *object; | ||
| 72 | * int single; | ||
| 73 | * union { | ||
| 74 | * char *ptr; | ||
| 75 | * STACK_OF(ASN1_TYPE) *set; | ||
| 76 | * ASN1_TYPE *single; | ||
| 77 | * } value; | ||
| 78 | * } X509_ATTRIBUTE; | ||
| 79 | * | ||
| 80 | * this needs some extra thought because the CHOICE type is | ||
| 81 | * merged with the main structure and because the value can | ||
| 82 | * be anything at all we *must* try the SET OF first because | ||
| 83 | * the ASN1_ANY type will swallow anything including the whole | ||
| 84 | * SET OF structure. | ||
| 85 | */ | 69 | */ |
| 86 | |||
| 87 | static const ASN1_TEMPLATE X509_ATTRIBUTE_SET_ch_tt[] = { | ||
| 88 | { | ||
| 89 | .flags = ASN1_TFLG_SET_OF, | ||
| 90 | .tag = 0, | ||
| 91 | .offset = offsetof(X509_ATTRIBUTE, value.set), | ||
| 92 | .field_name = "value.set", | ||
| 93 | .item = &ASN1_ANY_it, | ||
| 94 | }, | ||
| 95 | { | ||
| 96 | .flags = 0, | ||
| 97 | .tag = 0, | ||
| 98 | .offset = offsetof(X509_ATTRIBUTE, value.single), | ||
| 99 | .field_name = "value.single", | ||
| 100 | .item = &ASN1_ANY_it, | ||
| 101 | }, | ||
| 102 | }; | ||
| 103 | |||
| 104 | const ASN1_ITEM X509_ATTRIBUTE_SET_it = { | 70 | const ASN1_ITEM X509_ATTRIBUTE_SET_it = { |
| 105 | .itype = ASN1_ITYPE_CHOICE, | 71 | .itype = ASN1_ITYPE_CHOICE, |
| 106 | .utype = offsetof(X509_ATTRIBUTE, single), | 72 | .utype = 0, |
| 107 | .templates = X509_ATTRIBUTE_SET_ch_tt, | 73 | .templates = NULL, |
| 108 | .tcount = sizeof(X509_ATTRIBUTE_SET_ch_tt) / sizeof(ASN1_TEMPLATE), | 74 | .tcount = 0, |
| 109 | .funcs = NULL, | 75 | .funcs = NULL, |
| 110 | .size = sizeof(X509_ATTRIBUTE), | 76 | .size = sizeof(X509_ATTRIBUTE), |
| 111 | .sname = "X509_ATTRIBUTE", | 77 | .sname = "X509_ATTRIBUTE", |
| @@ -119,13 +85,12 @@ static const ASN1_TEMPLATE X509_ATTRIBUTE_seq_tt[] = { | |||
| 119 | .field_name = "object", | 85 | .field_name = "object", |
| 120 | .item = &ASN1_OBJECT_it, | 86 | .item = &ASN1_OBJECT_it, |
| 121 | }, | 87 | }, |
| 122 | /* CHOICE type merged with parent */ | ||
| 123 | { | 88 | { |
| 124 | .flags = 0 | ASN1_TFLG_COMBINE, | 89 | .flags = ASN1_TFLG_SET_OF, |
| 125 | .tag = 0, | 90 | .tag = 0, |
| 126 | .offset = 0, | 91 | .offset = offsetof(X509_ATTRIBUTE, set), |
| 127 | .field_name = NULL, | 92 | .field_name = "set", |
| 128 | .item = &X509_ATTRIBUTE_SET_it, | 93 | .item = &ASN1_ANY_it, |
| 129 | }, | 94 | }, |
| 130 | }; | 95 | }; |
| 131 | 96 | ||
| @@ -183,12 +148,9 @@ X509_ATTRIBUTE_create(int nid, int atrtype, void *value) | |||
| 183 | if ((ret = X509_ATTRIBUTE_new()) == NULL) | 148 | if ((ret = X509_ATTRIBUTE_new()) == NULL) |
| 184 | return (NULL); | 149 | return (NULL); |
| 185 | ret->object = oid; | 150 | ret->object = oid; |
| 186 | ret->single = 0; | ||
| 187 | if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL) | ||
| 188 | goto err; | ||
| 189 | if ((val = ASN1_TYPE_new()) == NULL) | 151 | if ((val = ASN1_TYPE_new()) == NULL) |
| 190 | goto err; | 152 | goto err; |
| 191 | if (!sk_ASN1_TYPE_push(ret->value.set, val)) | 153 | if (!sk_ASN1_TYPE_push(ret->set, val)) |
| 192 | goto err; | 154 | goto err; |
| 193 | 155 | ||
| 194 | ASN1_TYPE_set(val, atrtype, value); | 156 | ASN1_TYPE_set(val, atrtype, value); |