Remove X509_ATTRIBUTE hack.
The X509_ATTRIBUTE structure includes a hack to tolerate malformed attributes whose value is encoded as the bare type instead of as a SET OF that type. This form is never created by OpenSSL and shouldn't be needed any more. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
parent
ca3a82c3b3
commit
e20b57270d
crypto/x509
@ -317,9 +317,6 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
|
|||||||
goto err;
|
goto err;
|
||||||
atype = attrtype;
|
atype = attrtype;
|
||||||
}
|
}
|
||||||
if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
|
|
||||||
goto err;
|
|
||||||
attr->single = 0;
|
|
||||||
/*
|
/*
|
||||||
* This is a bit naughty because the attribute should really have at
|
* This is a bit naughty because the attribute should really have at
|
||||||
* least one value but some types use and zero length SET and require
|
* least one value but some types use and zero length SET and require
|
||||||
@ -334,7 +331,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
|
|||||||
goto err;
|
goto err;
|
||||||
} else
|
} else
|
||||||
ASN1_TYPE_set(ttmp, atype, stmp);
|
ASN1_TYPE_set(ttmp, atype, stmp);
|
||||||
if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
|
if (!sk_ASN1_TYPE_push(attr->set, ttmp))
|
||||||
goto err;
|
goto err;
|
||||||
return 1;
|
return 1;
|
||||||
err:
|
err:
|
||||||
@ -344,11 +341,9 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
|
|||||||
|
|
||||||
int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
|
int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
|
||||||
{
|
{
|
||||||
if (!attr->single)
|
if (attr == NULL)
|
||||||
return sk_ASN1_TYPE_num(attr->value.set);
|
return 0;
|
||||||
if (attr->value.single)
|
return sk_ASN1_TYPE_num(attr->set);
|
||||||
return 1;
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
|
ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
|
||||||
@ -375,11 +370,6 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
|
|||||||
ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
|
ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
|
||||||
{
|
{
|
||||||
if (attr == NULL)
|
if (attr == NULL)
|
||||||
return (NULL);
|
|
||||||
if (idx >= X509_ATTRIBUTE_count(attr))
|
|
||||||
return NULL;
|
return NULL;
|
||||||
if (!attr->single)
|
return sk_ASN1_TYPE_value(attr->set, idx);
|
||||||
return sk_ASN1_TYPE_value(attr->value.set, idx);
|
|
||||||
else
|
|
||||||
return attr->value.single;
|
|
||||||
}
|
}
|
||||||
|
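Review bot: X509_ATTRIBUTE_set1_data now pushes onto `attr->set` without creating the stack first, so it depends on the attribute already holding an allocated stack (presumably from X509_ATTRIBUTE_new() via the SET OF template), and it appends to whatever values are already there instead of starting from an empty set. If `attr->set` were NULL the push should fail and take the `err:` path, which is a safe failure, but the append semantics are a behaviour change worth stating. A comment above the push such as `/* attr->set comes from X509_ATTRIBUTE_new(); values are appended, not replaced */` would record it. The same reliance applies to `sk_ASN1_TYPE_push(ret->set, val)` in X509_ATTRIBUTE_create. The body of X509_ATTRIBUTE_set1_data starts and ends outside the visible hunks.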
@ -74,17 +74,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
|
|||||||
/* a sequence of these are used */
|
/* a sequence of these are used */
|
||||||
struct x509_attributes_st {
|
struct x509_attributes_st {
|
||||||
ASN1_OBJECT *object;
|
ASN1_OBJECT *object;
|
||||||
int single; /* 0 for a set, 1 for a single item (which is
|
STACK_OF(ASN1_TYPE) *set;
|
||||||
* wrong) */
|
|
||||||
union {
|
|
||||||
char *ptr;
|
|
||||||
/*
|
|
||||||
* 0
|
|
||||||
*/ STACK_OF(ASN1_TYPE) *set;
|
|
||||||
/*
|
|
||||||
* 1
|
|
||||||
*/ ASN1_TYPE *single;
|
|
||||||
} value;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
struct X509_extension_st {
|
struct X509_extension_st {
|
||||||
|
@ -69,30 +69,14 @@
|
|||||||
* typedef struct x509_attributes_st
|
* typedef struct x509_attributes_st
|
||||||
* {
|
* {
|
||||||
* ASN1_OBJECT *object;
|
* ASN1_OBJECT *object;
|
||||||
* int single;
|
* STACK_OF(ASN1_TYPE) *set;
|
||||||
* union {
|
|
||||||
* char *ptr;
|
|
||||||
* STACK_OF(ASN1_TYPE) *set;
|
|
||||||
* ASN1_TYPE *single;
|
|
||||||
* } value;
|
|
||||||
* } X509_ATTRIBUTE;
|
* } X509_ATTRIBUTE;
|
||||||
*
|
*
|
||||||
* this needs some extra thought because the CHOICE type is
|
|
||||||
* merged with the main structure and because the value can
|
|
||||||
* be anything at all we *must* try the SET OF first because
|
|
||||||
* the ASN1_ANY type will swallow anything including the whole
|
|
||||||
* SET OF structure.
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
|
|
||||||
ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
|
|
||||||
ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
|
|
||||||
} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(X509_ATTRIBUTE) = {
|
ASN1_SEQUENCE(X509_ATTRIBUTE) = {
|
||||||
ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
|
ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
|
||||||
/* CHOICE type merged with parent */
|
ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
|
||||||
ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
|
|
||||||
} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
|
} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
|
||||||
|
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
|
IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
|
||||||
@ -106,12 +90,9 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
|
|||||||
if ((ret = X509_ATTRIBUTE_new()) == NULL)
|
if ((ret = X509_ATTRIBUTE_new()) == NULL)
|
||||||
return (NULL);
|
return (NULL);
|
||||||
ret->object = OBJ_nid2obj(nid);
|
ret->object = OBJ_nid2obj(nid);
|
||||||
ret->single = 0;
|
|
||||||
if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
|
|
||||||
goto err;
|
|
||||||
if ((val = ASN1_TYPE_new()) == NULL)
|
if ((val = ASN1_TYPE_new()) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
if (!sk_ASN1_TYPE_push(ret->value.set, val))
|
if (!sk_ASN1_TYPE_push(ret->set, val))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
ASN1_TYPE_set(val, atrtype, value);
|
ASN1_TYPE_set(val, atrtype, value);
|
||||||
|
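Review bot: The rewritten X509_ATTRIBUTE template drops the comment that explained the CHOICE and leaves nothing saying that only the SET OF encoding is accepted, so a reader cannot tell that input carrying the bare-value form is now meant to fail decoding. A line above the `ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)` entry such as `/* values must be a SET OF; the bare single-value encoding is rejected */` would record the intent. A decode test that feeds such an encoding and expects an error would confirm that untrusted input in the old form is rejected cleanly.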