Simplify X509_ATTRIBUTE ASN.1 encoding.

For some unknown historical reason, X509_ATTRIBUTE allows for a single ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF. Simplify encoding and remove support for single values - this is similar to OpenSSL e20b57270dec. This removes the last use of COMBINE in the ASN.1 decoder. ok tb@
author: jsing <> 2022-05-09 19:19:33 +0000
committer: jsing <> 2022-05-09 19:19:33 +0000
commit: affd849ffb55c61005447fc830be63be639e6e82 (patch)
tree: 44e4aa3383529610dcee9721a51440056792b424 /src/lib/libcrypto/x509
parent: 8ce75307b6eeae36eef3a3458c5163787c3d2fb7 (diff)
download: openbsd-affd849ffb55c61005447fc830be63be639e6e82.tar.gz
openbsd-affd849ffb55c61005447fc830be63be639e6e82.tar.bz2
openbsd-affd849ffb55c61005447fc830be63be639e6e82.zip
2 files changed, 11 insertions, 23 deletions
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
index 38aa063143..8d369df900 100644
--- a/src/lib/libcrypto/x509/x509_att.c
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_att.c,v 1.18 2021/11/01 20:53:08 tb Exp $ */
+/* $OpenBSD: x509_att.c,v 1.19 2022/05/09 19:19:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -324,10 +324,8 @@ X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data,
                        goto err;
                atype = attrtype;
        }
-        if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
+        /*
-                goto err;
+         * This is a bit naughty because the attribute should really have
-        attr->single = 0;
-        /* This is a bit naughty because the attribute should really have
         * at least one value but some types use and zero length SET and
         * require this.
         */
@@ -343,7 +341,7 @@ X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data,
                        goto err;
        } else
                ASN1_TYPE_set(ttmp, atype, stmp);
-        if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
+        if (!sk_ASN1_TYPE_push(attr->set, ttmp))
                goto err;
        return 1;
@@ -357,11 +355,10 @@ err:
 int
 X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)
 {
-        if (!attr->single)
+        if (attr == NULL)
-                return sk_ASN1_TYPE_num(attr->value.set);
+                return 0;
-        if (attr->value.single)
-                return 1;
+        return sk_ASN1_TYPE_num(attr->set);
-        return 0;
 }
 ASN1_OBJECT *
@@ -392,10 +389,6 @@ X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
 {
        if (attr == NULL)
                return (NULL);
-        if (idx >= X509_ATTRIBUTE_count(attr))
-                return NULL;
+        return sk_ASN1_TYPE_value(attr->set, idx);
-        if (!attr->single)
-                return sk_ASN1_TYPE_value(attr->value.set, idx);
-        else
-                return attr->value.single;
 }
diff --git a/src/lib/libcrypto/x509/x509_lcl.h b/src/lib/libcrypto/x509/x509_lcl.h
index e7eb733f7d..5beef8a94d 100644
--- a/src/lib/libcrypto/x509/x509_lcl.h
+++ b/src/lib/libcrypto/x509/x509_lcl.h
@@ -109,12 +109,7 @@ struct X509_extension_st {
 struct x509_attributes_st {
        ASN1_OBJECT *object;
-        int single; /* 0 for a set, 1 for a single item (which is wrong) */
+        STACK_OF(ASN1_TYPE) *set;
-        union {
-                char            *ptr;
-/* 0 */         STACK_OF(ASN1_TYPE) *set;
-/* 1 */         ASN1_TYPE       *single;
-        } value;
 } /* X509_ATTRIBUTE */;
 struct X509_req_info_st {
author	jsing <>	2022-05-09 19:19:33 +0000
committer	jsing <>	2022-05-09 19:19:33 +0000
commit	affd849ffb55c61005447fc830be63be639e6e82 (patch)
tree	44e4aa3383529610dcee9721a51440056792b424 /src/lib/libcrypto/x509
parent	8ce75307b6eeae36eef3a3458c5163787c3d2fb7 (diff)
download	openbsd-affd849ffb55c61005447fc830be63be639e6e82.tar.gz openbsd-affd849ffb55c61005447fc830be63be639e6e82.tar.bz2 openbsd-affd849ffb55c61005447fc830be63be639e6e82.zip

diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c index 38aa063143..8d369df900 100644 --- a/src/lib/libcrypto/x509/x509_att.c +++ b/src/lib/libcrypto/x509/x509_att.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_att.c,v 1.18 2021/11/01 20:53:08 tb Exp $ */	1	/* $OpenBSD: x509_att.c,v 1.19 2022/05/09 19:19:33 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -324,10 +324,8 @@ X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE attr, int attrtype, const void data,
324	goto err;	324	goto err;
325	atype = attrtype;	325	atype = attrtype;
326	}	326	}
327	if (!(attr->value.set = sk_ASN1_TYPE_new_null()))	327	/*
328	goto err;	328	* This is a bit naughty because the attribute should really have
329	attr->single = 0;
330	/* This is a bit naughty because the attribute should really have
331	* at least one value but some types use and zero length SET and	329	* at least one value but some types use and zero length SET and
332	* require this.	330	* require this.
333	*/	331	*/
@@ -343,7 +341,7 @@ X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE attr, int attrtype, const void data,
343	goto err;	341	goto err;
344	} else	342	} else
345	ASN1_TYPE_set(ttmp, atype, stmp);	343	ASN1_TYPE_set(ttmp, atype, stmp);
346	if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))	344	if (!sk_ASN1_TYPE_push(attr->set, ttmp))
347	goto err;	345	goto err;
348	return 1;	346	return 1;
349		347
@@ -357,11 +355,10 @@ err:
357	int	355	int
358	X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)	356	X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)
359	{	357	{
360	if (!attr->single)	358	if (attr == NULL)
361	return sk_ASN1_TYPE_num(attr->value.set);	359	return 0;
362	if (attr->value.single)	360
363	return 1;	361	return sk_ASN1_TYPE_num(attr->set);
364	return 0;
365	}	362	}
366		363
367	ASN1_OBJECT *	364	ASN1_OBJECT *
@@ -392,10 +389,6 @@ X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
392	{	389	{
393	if (attr == NULL)	390	if (attr == NULL)
394	return (NULL);	391	return (NULL);
395	if (idx >= X509_ATTRIBUTE_count(attr))	392
396	return NULL;	393	return sk_ASN1_TYPE_value(attr->set, idx);
397	if (!attr->single)
398	return sk_ASN1_TYPE_value(attr->value.set, idx);
399	else
400	return attr->value.single;
401	}	394	}


diff --git a/src/lib/libcrypto/x509/x509_lcl.h b/src/lib/libcrypto/x509/x509_lcl.h index e7eb733f7d..5beef8a94d 100644 --- a/src/lib/libcrypto/x509/x509_lcl.h +++ b/src/lib/libcrypto/x509/x509_lcl.h
@@ -109,12 +109,7 @@ struct X509_extension_st {
109		109
110	struct x509_attributes_st {	110	struct x509_attributes_st {
111	ASN1_OBJECT *object;	111	ASN1_OBJECT *object;
112	int single; /* 0 for a set, 1 for a single item (which is wrong) */	112	STACK_OF(ASN1_TYPE) *set;
113	union {
114	char *ptr;
115	/* 0 / STACK_OF(ASN1_TYPE) set;
116	/* 1 / ASN1_TYPE single;
117	} value;
118	} /* X509_ATTRIBUTE */;	113	} /* X509_ATTRIBUTE */;
119		114
120	struct X509_req_info_st {	115	struct X509_req_info_st {