From e20b57270dece66ce2c68aeb5d14dd6d9f3c5d68 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Wed, 25 Mar 2015 15:08:55 +0000
Subject: [PATCH] Remove X509_ATTRIBUTE hack.

The X509_ATTRIBUTE structure includes a hack to tolerate malformed attributes that encode as the type instead of SET OF type. This form is never created by OpenSSL and shouldn't be needed any more.

Reviewed-by: Rich Salz
Reviewed-by: Richard Levitte
---
 crypto/x509/x509_att.c | 20 +++++---------------
 crypto/x509/x509_lcl.h | 12 +-----------
 crypto/x509/x_attrib.c | 25 +++----------------------
 3 files changed, 9 insertions(+), 48 deletions(-)

diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index 212c422e05..292546b46f 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -317,9 +317,6 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
 goto err;
 atype = attrtype;
 }
- if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
- goto err;
- attr->single = 0;
 /*
 * This is a bit naughty because the attribute should really have at
 * least one value but some types use and zero length SET and require
@@ -334,7 +331,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
 goto err;
 } else
 ASN1_TYPE_set(ttmp, atype, stmp);
- if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
+ if (!sk_ASN1_TYPE_push(attr->set, ttmp))
 goto err;
 return 1;
 err:
@@ -344,11 +341,9 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,

 int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
 {
- if (!attr->single)
- return sk_ASN1_TYPE_num(attr->value.set);
- if (attr->value.single)
- return 1;
- return 0;
+ if (attr == NULL)
+ return 0;
+ return sk_ASN1_TYPE_num(attr->set);
 }

 ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
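Review bot: In X509_ATTRIBUTE_set1_data the push `sk_ASN1_TYPE_push(attr->set, ttmp)` (second hunk) now targets a stack this function no longer creates, because the first hunk drops the `sk_ASN1_TYPE_new_null()` call. The function therefore appends to whatever `attr->set` already holds, and it depends on the attribute's set having been allocated elsewhere, presumably by X509_ATTRIBUTE_new() through the SET OF template. A NULL set would fail the push and leave through the `err:` path. I would state that contract above the push, e.g. `/* attr->set comes from X509_ATTRIBUTE_new(); each call appends one value */`. The function starts before the first hunk and the body of `err:` lies outside the second, so whether `ttmp` is released when the push fails cannot be checked from here.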
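Review bot: X509_ATTRIBUTE_count can still return a negative value, because the added guard covers `attr` but not `attr->set`, and `sk_ASN1_TYPE_num()` yields -1 for a NULL stack. Whether a NULL set is reachable depends on how the attribute was built, which this hunk does not show, but a caller that treats any non-zero count as "has values" would be misled. Clamping keeps the result a true count: `int n = sk_ASN1_TYPE_num(attr->set);` followed by `return n < 0 ? 0 : n;`.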
@@ -375,11 +370,6 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
 ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
 {
 if (attr == NULL)
- return (NULL);
- if (idx >= X509_ATTRIBUTE_count(attr))
 return NULL;
- if (!attr->single)
- return sk_ASN1_TYPE_value(attr->value.set, idx);
- else
- return attr->value.single;
+ return sk_ASN1_TYPE_value(attr->set, idx);
 }
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index 5e38f5f0c0..427d8ca3db 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -74,17 +74,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
 /* a sequence of these are used */
 struct x509_attributes_st {
 ASN1_OBJECT *object;
- int single; /* 0 for a set, 1 for a single item (which is
- * wrong) */
- union {
- char *ptr;
- /*
- * 0
- */ STACK_OF(ASN1_TYPE) *set;
- /*
- * 1
- */ ASN1_TYPE *single;
- } value;
+ STACK_OF(ASN1_TYPE) *set;
 };

 struct X509_extension_st {
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index 335a85be7c..a07a5da139 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
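Review bot: X509_ATTRIBUTE_get0_type no longer checks `idx` itself, so after this hunk the only bounds check is the one inside `sk_ASN1_TYPE_value()`, which returns NULL for a NULL stack or an index outside the stack. That is sufficient, and unlike the removed `idx >= X509_ATTRIBUTE_count(attr)` test it also covers negative indexes, but the dependency is invisible to the next reader. A one-line comment above the return would record it: `/* sk_ASN1_TYPE_value() returns NULL when idx is out of range */`.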
@@ -69,30 +69,14 @@
 * typedef struct x509_attributes_st
 * {
 * ASN1_OBJECT *object;
- * int single;
- * union {
- * char *ptr;
- * STACK_OF(ASN1_TYPE) *set;
- * ASN1_TYPE *single;
- * } value;
+ * STACK_OF(ASN1_TYPE) *set;
 * } X509_ATTRIBUTE;
 *
- * this needs some extra thought because the CHOICE type is
- * merged with the main structure and because the value can
- * be anything at all we *must* try the SET OF first because
- * the ASN1_ANY type will swallow anything including the whole
- * SET OF structure.
 */

-ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
- ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
- ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
-} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
-
 ASN1_SEQUENCE(X509_ATTRIBUTE) = {
 ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
- /* CHOICE type merged with parent */
- ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+ ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
 } ASN1_SEQUENCE_END(X509_ATTRIBUTE)

 IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
@@ -106,12 +90,9 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 if ((ret = X509_ATTRIBUTE_new()) == NULL)
 return (NULL);
 ret->object = OBJ_nid2obj(nid);
- ret->single = 0;
- if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
- goto err;
 if ((val = ASN1_TYPE_new()) == NULL)
 goto err;
- if (!sk_ASN1_TYPE_push(ret->value.set, val))
+ if (!sk_ASN1_TYPE_push(ret->set, val))
 goto err;

 ASN1_TYPE_set(val, atrtype, value);
-- 
2.25.1
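Review bot: The header comment over the template loses its only explanation of which encodings are accepted, and nothing replaces it. With `ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)` as the sole value field, an attribute whose value is encoded as a bare type rather than a SET OF should now be rejected at decode time instead of being stored as a single item. That is a stricter parse and an input-compatibility change for anything that decodes X509_ATTRIBUTE. I would add a sentence to the comment saying so, e.g. `* Values must be encoded as SET OF; the single-value form is no longer accepted.`, and cover the rejection with a decode test if the suite has none.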
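Review bot: The result of `OBJ_nid2obj(nid)` is stored in `ret->object` without a check, so an unknown `nid` leaves the new attribute with a NULL object while the remaining visible lines proceed as if it were valid. The commit keeps that context line unchanged; a guard such as `if ((ret->object = OBJ_nid2obj(nid)) == NULL) goto err;` would fail early. That assumes `val` is initialised to NULL before this point and that the `err:` label frees `ret`, neither of which the hunk shows. X509_ATTRIBUTE_create begins and ends outside the hunk.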