[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Mon Mar 16 15:56:42 UTC 2015
The branch master has been updated
via 9b0a453190efc9b14cc04e74ce2e8e35af45fb39 (commit)
from da27006df06853a33b132133699a7aa9d4277920 (commit)
- Log -----------------------------------------------------------------
commit 9b0a453190efc9b14cc04e74ce2e8e35af45fb39
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Mar 14 23:48:47 2015 +0000
Make X509_ATTRIBUTE opaque.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/pkcs12.c | 10 +++++----
crypto/asn1/Makefile | 17 ++-------------
crypto/asn1/t_req.c | 23 ++++++++------------
crypto/pkcs12/p12_attr.c | 15 +++-----------
crypto/pkcs7/pk7_doit.c | 22 +++++---------------
crypto/x509/Makefile | 4 ++--
crypto/x509/x509.h | 16 +-------------
crypto/x509/x509_att.c | 1 +
crypto/x509/x509_lcl.h | 16 ++++++++++++++
crypto/x509/x509_req.c | 45 ++++++++++------------------------------
crypto/{asn1 => x509}/x_attrib.c | 1 +
11 files changed, 57 insertions(+), 113 deletions(-)
rename crypto/{asn1 => x509}/x_attrib.c (99%)
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 3c06930..e33fe24 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -993,17 +993,19 @@ int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
}
BIO_printf(out, "%s\n", name);
for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
+ ASN1_OBJECT *attr_obj;
attr = sk_X509_ATTRIBUTE_value(attrlst, i);
- attr_nid = OBJ_obj2nid(attr->object);
+ attr_obj = X509_ATTRIBUTE_get0_object(attr);
+ attr_nid = OBJ_obj2nid(attr_obj);
BIO_printf(out, " ");
if (attr_nid == NID_undef) {
- i2a_ASN1_OBJECT(out, attr->object);
+ i2a_ASN1_OBJECT(out, attr_obj);
BIO_printf(out, ": ");
} else
BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
- if (sk_ASN1_TYPE_num(attr->value.set)) {
- av = sk_ASN1_TYPE_value(attr->value.set, 0);
+ if (X509_ATTRIBUTE_count(attr)) {
+ av = X509_ATTRIBUTE_get0_type(attr, 0);
switch (av->type) {
case V_ASN1_BMPSTRING:
value = OPENSSL_uni2asc(av->value.bmpstring->data,
diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index a7b6c35..3009bbf 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -20,7 +20,7 @@ LIB=$(TOP)/libcrypto.a
LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
- x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
+ x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \
x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
@@ -34,7 +34,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
- x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
+ x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \
x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
@@ -759,19 +759,6 @@ x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c
-x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
-x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_attrib.c
x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
index 58986e1..2a88958 100644
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -161,27 +161,22 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
ASN1_TYPE *at;
X509_ATTRIBUTE *a;
ASN1_BIT_STRING *bs = NULL;
- ASN1_TYPE *t;
+ ASN1_OBJECT *aobj;
int j, type = 0, count = 1, ii = 0;
a = sk_X509_ATTRIBUTE_value(sk, i);
- if (X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+ aobj = X509_ATTRIBUTE_get0_object(a);
+ if (X509_REQ_extension_nid(OBJ_obj2nid(aobj)))
continue;
if (BIO_printf(bp, "%12s", "") <= 0)
goto err;
- if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) {
- if (a->single) {
- t = a->value.single;
- type = t->type;
- bs = t->value.bit_string;
- } else {
- ii = 0;
- count = sk_ASN1_TYPE_num(a->value.set);
+ if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) {
+ ii = 0;
+ count = X509_ATTRIBUTE_count(a);
get_next:
- at = sk_ASN1_TYPE_value(a->value.set, ii);
- type = at->type;
- bs = at->value.asn1_string;
- }
+ at = X509_ATTRIBUTE_get0_type(a, ii);
+ type = at->type;
+ bs = at->value.asn1_string;
}
for (j = 25 - j; j > 0; j--)
if (BIO_write(bp, " ", 1) != 1)
diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c
index fff3ba1..70695b7 100644
--- a/crypto/pkcs12/p12_attr.c
+++ b/crypto/pkcs12/p12_attr.c
@@ -121,18 +121,9 @@ ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
{
X509_ATTRIBUTE *attrib;
int i;
- if (!attrs)
- return NULL;
- for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) {
- attrib = sk_X509_ATTRIBUTE_value(attrs, i);
- if (OBJ_obj2nid(attrib->object) == attr_nid) {
- if (sk_ASN1_TYPE_num(attrib->value.set))
- return sk_ASN1_TYPE_value(attrib->value.set, 0);
- else
- return NULL;
- }
- }
- return NULL;
+ i = X509at_get_attr_by_NID(attrs, attr_nid, -1);
+ attrib = X509at_get_attr(attrs, i);
+ return X509_ATTRIBUTE_get0_type(attrib, 0);
}
char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 54b7b07..f61d63b 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -1067,23 +1067,11 @@ ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
{
- int i;
+ int idx;
X509_ATTRIBUTE *xa;
- ASN1_OBJECT *o;
-
- o = OBJ_nid2obj(nid);
- if (!o || !sk)
- return (NULL);
- for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
- xa = sk_X509_ATTRIBUTE_value(sk, i);
- if (OBJ_cmp(xa->object, o) == 0) {
- if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
- return (sk_ASN1_TYPE_value(xa->value.set, 0));
- else
- return (NULL);
- }
- }
- return (NULL);
+ idx = X509at_get_attr_by_NID(sk, nid, -1);
+ xa = X509at_get_attr(sk, idx);
+ return X509_ATTRIBUTE_get0_type(xa, 0);
}
ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
@@ -1167,7 +1155,7 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
attr = sk_X509_ATTRIBUTE_value(*sk, i);
- if (OBJ_obj2nid(attr->object) == nid) {
+ if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) {
X509_ATTRIBUTE_free(attr);
attr = X509_ATTRIBUTE_create(nid, atrtype, value);
if (attr == NULL)
diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile
index f168b47..de96405 100644
--- a/crypto/x509/Makefile
+++ b/crypto/x509/Makefile
@@ -22,13 +22,13 @@ LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
x509_set.c x509cset.c x509rset.c x509_err.c \
x509name.c x509_v3.c x509_ext.c x509_att.c \
x509type.c x509_lu.c x_all.c x509_txt.c \
- x509_trs.c by_file.c by_dir.c x509_vpm.c
+ x509_trs.c by_file.c by_dir.c x509_vpm.c x_attrib.c
LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
x509_obj.o x509_req.o x509spki.o x509_vfy.o \
x509_set.o x509cset.o x509rset.o x509_err.o \
x509name.o x509_v3.o x509_ext.o x509_att.o \
x509type.o x509_lu.o x_all.o x509_txt.o \
- x509_trs.o by_file.o by_dir.o x509_vpm.o
+ x509_trs.o by_file.o by_dir.o x509_vpm.o x_attrib.o
SRC= $(LIBSRC)
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index afc16a3..64f1283 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -181,21 +181,7 @@ typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
DECLARE_STACK_OF(X509_EXTENSION)
-/* a sequence of these are used */
-typedef struct x509_attributes_st {
- ASN1_OBJECT *object;
- int single; /* 0 for a set, 1 for a single item (which is
- * wrong) */
- union {
- char *ptr;
- /*
- * 0
- */ STACK_OF(ASN1_TYPE) *set;
- /*
- * 1
- */ ASN1_TYPE *single;
- } value;
-} X509_ATTRIBUTE;
+typedef struct x509_attributes_st X509_ATTRIBUTE;
DECLARE_STACK_OF(X509_ATTRIBUTE)
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index bd59281..212c422 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -64,6 +64,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#include "x509_lcl.h"
int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
{
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index c7621fd..15b8618 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -70,3 +70,19 @@ struct X509_VERIFY_PARAM_ID_st {
};
int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
+
+/* a sequence of these are used */
+struct x509_attributes_st {
+ ASN1_OBJECT *object;
+ int single; /* 0 for a set, 1 for a single item (which is
+ * wrong) */
+ union {
+ char *ptr;
+ /*
+ * 0
+ */ STACK_OF(ASN1_TYPE) *set;
+ /*
+ * 1
+ */ ASN1_TYPE *single;
+ } value;
+};
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 01795f4..682c2c2 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -201,10 +201,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
if (idx == -1)
continue;
attr = X509_REQ_get_attr(req, idx);
- if (attr->single)
- ext = attr->value.single;
- else if (sk_ASN1_TYPE_num(attr->value.set))
- ext = sk_ASN1_TYPE_value(attr->value.set, 0);
+ ext = X509_ATTRIBUTE_get0_type(attr, 0);
break;
}
if (!ext || (ext->type != V_ASN1_SEQUENCE))
@@ -223,37 +220,17 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
int nid)
{
- ASN1_TYPE *at = NULL;
- X509_ATTRIBUTE *attr = NULL;
- if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new()))
- goto err;
-
- at->type = V_ASN1_SEQUENCE;
+ int extlen;
+ int rv = 0;
+ unsigned char *ext = NULL;
/* Generate encoding of extensions */
- at->value.sequence->length =
- ASN1_item_i2d((ASN1_VALUE *)exts,
- &at->value.sequence->data,
- ASN1_ITEM_rptr(X509_EXTENSIONS));
- if (!(attr = X509_ATTRIBUTE_new()))
- goto err;
- if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
- goto err;
- if (!sk_ASN1_TYPE_push(attr->value.set, at))
- goto err;
- at = NULL;
- attr->single = 0;
- attr->object = OBJ_nid2obj(nid);
- if (!req->req_info->attributes) {
- if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
- goto err;
- }
- if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr))
- goto err;
- return 1;
- err:
- X509_ATTRIBUTE_free(attr);
- ASN1_TYPE_free(at);
- return 0;
+ extlen = ASN1_item_i2d((ASN1_VALUE *)exts, &ext,
+ ASN1_ITEM_rptr(X509_EXTENSIONS));
+ if (extlen <= 0)
+ return 0;
+ rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen);
+ OPENSSL_free(ext);
+ return rv;
}
/* This is the normal usage: use the "official" OID */
diff --git a/crypto/asn1/x_attrib.c b/crypto/x509/x_attrib.c
similarity index 99%
rename from crypto/asn1/x_attrib.c
rename to crypto/x509/x_attrib.c
index 93ef53b..335a85b 100644
--- a/crypto/asn1/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -61,6 +61,7 @@
#include <openssl/objects.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
+#include "x509_lcl.h"
/*-
* X509_ATTRIBUTE: this has the following form:
More information about the openssl-commits
mailing list