From 9b0a453190efc9b14cc04e74ce2e8e35af45fb39 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 14 Mar 2015 23:48:47 +0000 Subject: [PATCH] Make X509_ATTRIBUTE opaque. Reviewed-by: Rich Salz --- apps/pkcs12.c | 10 ++++--- crypto/asn1/Makefile | 17 ++---------- crypto/asn1/t_req.c | 23 +++++++--------- crypto/pkcs12/p12_attr.c | 15 +++-------- crypto/pkcs7/pk7_doit.c | 22 ++++------------ crypto/x509/Makefile | 4 +-- crypto/x509/x509.h | 16 +----------- crypto/x509/x509_att.c | 1 + crypto/x509/x509_lcl.h | 16 ++++++++++++ crypto/x509/x509_req.c | 45 ++++++++------------------------ crypto/{asn1 => x509}/x_attrib.c | 1 + 11 files changed, 57 insertions(+), 113 deletions(-) rename crypto/{asn1 => x509}/x_attrib.c (99%) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 3c06930ce6..e33fe243ee 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -993,17 +993,19 @@ int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, } BIO_printf(out, "%s\n", name); for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) { + ASN1_OBJECT *attr_obj; attr = sk_X509_ATTRIBUTE_value(attrlst, i); - attr_nid = OBJ_obj2nid(attr->object); + attr_obj = X509_ATTRIBUTE_get0_object(attr); + attr_nid = OBJ_obj2nid(attr_obj); BIO_printf(out, " "); if (attr_nid == NID_undef) { - i2a_ASN1_OBJECT(out, attr->object); + i2a_ASN1_OBJECT(out, attr_obj); BIO_printf(out, ": "); } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); - if (sk_ASN1_TYPE_num(attr->value.set)) { - av = sk_ASN1_TYPE_value(attr->value.set, 0); + if (X509_ATTRIBUTE_count(attr)) { + av = X509_ATTRIBUTE_get0_type(attr, 0); switch (av->type) { case V_ASN1_BMPSTRING: value = OPENSSL_uni2asc(av->value.bmpstring->data, diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index a7b6c35396..3009bbf198 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -20,7 +20,7 @@ LIB=$(TOP)/libcrypto.a LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \ a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ - x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \ + x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \ x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \ x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \ @@ -34,7 +34,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \ a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ - x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \ + x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \ x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \ x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \ @@ -759,19 +759,6 @@ x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c -x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h -x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_attrib.c x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index 58986e1138..2a8895834b 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -161,27 +161,22 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, ASN1_TYPE *at; X509_ATTRIBUTE *a; ASN1_BIT_STRING *bs = NULL; - ASN1_TYPE *t; + ASN1_OBJECT *aobj; int j, type = 0, count = 1, ii = 0; a = sk_X509_ATTRIBUTE_value(sk, i); - if (X509_REQ_extension_nid(OBJ_obj2nid(a->object))) + aobj = X509_ATTRIBUTE_get0_object(a); + if (X509_REQ_extension_nid(OBJ_obj2nid(aobj))) continue; if (BIO_printf(bp, "%12s", "") <= 0) goto err; - if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) { - if (a->single) { - t = a->value.single; - type = t->type; - bs = t->value.bit_string; - } else { - ii = 0; - count = sk_ASN1_TYPE_num(a->value.set); + if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) { + ii = 0; + count = X509_ATTRIBUTE_count(a); get_next: - at = sk_ASN1_TYPE_value(a->value.set, ii); - type = at->type; - bs = at->value.asn1_string; - } + at = X509_ATTRIBUTE_get0_type(a, ii); + type = at->type; + bs = at->value.asn1_string; } for (j = 25 - j; j > 0; j--) if (BIO_write(bp, " ", 1) != 1) diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c index fff3ba1ece..70695b7bb6 100644 --- a/crypto/pkcs12/p12_attr.c +++ b/crypto/pkcs12/p12_attr.c @@ -121,18 +121,9 @@ ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) { X509_ATTRIBUTE *attrib; int i; - if (!attrs) - return NULL; - for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) { - attrib = sk_X509_ATTRIBUTE_value(attrs, i); - if (OBJ_obj2nid(attrib->object) == attr_nid) { - if (sk_ASN1_TYPE_num(attrib->value.set)) - return sk_ASN1_TYPE_value(attrib->value.set, 0); - else - return NULL; - } - } - return NULL; + i = X509at_get_attr_by_NID(attrs, attr_nid, -1); + attrib = X509at_get_attr(attrs, i); + return X509_ATTRIBUTE_get0_type(attrib, 0); } char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 54b7b0785a..f61d63b39b 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -1067,23 +1067,11 @@ ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) { - int i; + int idx; X509_ATTRIBUTE *xa; - ASN1_OBJECT *o; - - o = OBJ_nid2obj(nid); - if (!o || !sk) - return (NULL); - for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { - xa = sk_X509_ATTRIBUTE_value(sk, i); - if (OBJ_cmp(xa->object, o) == 0) { - if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) - return (sk_ASN1_TYPE_value(xa->value.set, 0)); - else - return (NULL); - } - } - return (NULL); + idx = X509at_get_attr_by_NID(sk, nid, -1); + xa = X509at_get_attr(sk, idx); + return X509_ATTRIBUTE_get0_type(xa, 0); } ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) @@ -1167,7 +1155,7 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) { attr = sk_X509_ATTRIBUTE_value(*sk, i); - if (OBJ_obj2nid(attr->object) == nid) { + if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) { X509_ATTRIBUTE_free(attr); attr = X509_ATTRIBUTE_create(nid, atrtype, value); if (attr == NULL) diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile index f168b473e7..de964059fc 100644 --- a/crypto/x509/Makefile +++ b/crypto/x509/Makefile @@ -22,13 +22,13 @@ LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \ x509_set.c x509cset.c x509rset.c x509_err.c \ x509name.c x509_v3.c x509_ext.c x509_att.c \ x509type.c x509_lu.c x_all.c x509_txt.c \ - x509_trs.c by_file.c by_dir.c x509_vpm.c + x509_trs.c by_file.c by_dir.c x509_vpm.c x_attrib.c LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \ x509_obj.o x509_req.o x509spki.o x509_vfy.o \ x509_set.o x509cset.o x509rset.o x509_err.o \ x509name.o x509_v3.o x509_ext.o x509_att.o \ x509type.o x509_lu.o x_all.o x509_txt.o \ - x509_trs.o by_file.o by_dir.o x509_vpm.o + x509_trs.o by_file.o by_dir.o x509_vpm.o x_attrib.o SRC= $(LIBSRC) diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index afc16a3187..64f1283e42 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -181,21 +181,7 @@ typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; DECLARE_STACK_OF(X509_EXTENSION) -/* a sequence of these are used */ -typedef struct x509_attributes_st { - ASN1_OBJECT *object; - int single; /* 0 for a set, 1 for a single item (which is - * wrong) */ - union { - char *ptr; - /* - * 0 - */ STACK_OF(ASN1_TYPE) *set; - /* - * 1 - */ ASN1_TYPE *single; - } value; -} X509_ATTRIBUTE; +typedef struct x509_attributes_st X509_ATTRIBUTE; DECLARE_STACK_OF(X509_ATTRIBUTE) diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index bd59281f9d..212c422e05 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -64,6 +64,7 @@ #include #include #include +#include "x509_lcl.h" int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) { diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h index c7621fd1e6..15b861809b 100644 --- a/crypto/x509/x509_lcl.h +++ b/crypto/x509/x509_lcl.h @@ -70,3 +70,19 @@ struct X509_VERIFY_PARAM_ID_st { }; int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet); + +/* a sequence of these are used */ +struct x509_attributes_st { + ASN1_OBJECT *object; + int single; /* 0 for a set, 1 for a single item (which is + * wrong) */ + union { + char *ptr; + /* + * 0 + */ STACK_OF(ASN1_TYPE) *set; + /* + * 1 + */ ASN1_TYPE *single; + } value; +}; diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 01795f4b3f..682c2c2acb 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -201,10 +201,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) if (idx == -1) continue; attr = X509_REQ_get_attr(req, idx); - if (attr->single) - ext = attr->value.single; - else if (sk_ASN1_TYPE_num(attr->value.set)) - ext = sk_ASN1_TYPE_value(attr->value.set, 0); + ext = X509_ATTRIBUTE_get0_type(attr, 0); break; } if (!ext || (ext->type != V_ASN1_SEQUENCE)) @@ -223,37 +220,17 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, int nid) { - ASN1_TYPE *at = NULL; - X509_ATTRIBUTE *attr = NULL; - if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new())) - goto err; - - at->type = V_ASN1_SEQUENCE; + int extlen; + int rv = 0; + unsigned char *ext = NULL; /* Generate encoding of extensions */ - at->value.sequence->length = - ASN1_item_i2d((ASN1_VALUE *)exts, - &at->value.sequence->data, - ASN1_ITEM_rptr(X509_EXTENSIONS)); - if (!(attr = X509_ATTRIBUTE_new())) - goto err; - if (!(attr->value.set = sk_ASN1_TYPE_new_null())) - goto err; - if (!sk_ASN1_TYPE_push(attr->value.set, at)) - goto err; - at = NULL; - attr->single = 0; - attr->object = OBJ_nid2obj(nid); - if (!req->req_info->attributes) { - if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) - goto err; - } - if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) - goto err; - return 1; - err: - X509_ATTRIBUTE_free(attr); - ASN1_TYPE_free(at); - return 0; + extlen = ASN1_item_i2d((ASN1_VALUE *)exts, &ext, + ASN1_ITEM_rptr(X509_EXTENSIONS)); + if (extlen <= 0) + return 0; + rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen); + OPENSSL_free(ext); + return rv; } /* This is the normal usage: use the "official" OID */ diff --git a/crypto/asn1/x_attrib.c b/crypto/x509/x_attrib.c similarity index 99% rename from crypto/asn1/x_attrib.c rename to crypto/x509/x_attrib.c index 93ef53bd5e..335a85be7c 100644 --- a/crypto/asn1/x_attrib.c +++ b/crypto/x509/x_attrib.c @@ -61,6 +61,7 @@ #include #include #include +#include "x509_lcl.h" /*- * X509_ATTRIBUTE: this has the following form: -- 2.25.1