[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Wed Mar 25 15:47:30 UTC 2015


The branch master has been updated
       via  e20b57270dece66ce2c68aeb5d14dd6d9f3c5d68 (commit)
      from  ca3a82c3b364e1e584546f0f3bbb938b0b472580 (commit)


- Log -----------------------------------------------------------------
commit e20b57270dece66ce2c68aeb5d14dd6d9f3c5d68
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Mar 25 15:08:55 2015 +0000

    Remove X509_ATTRIBUTE hack.
    
    The X509_ATTRIBUTE structure includes a hack to tolerate malformed
    attributes that encode as the type instead of SET OF type. This form
    is never created by OpenSSL and shouldn't be needed any more.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_att.c | 20 +++++---------------
 crypto/x509/x509_lcl.h | 12 +-----------
 crypto/x509/x_attrib.c | 25 +++----------------------
 3 files changed, 9 insertions(+), 48 deletions(-)

diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index 212c422..292546b 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -317,9 +317,6 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
             goto err;
         atype = attrtype;
     }
-    if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
-        goto err;
-    attr->single = 0;
     /*
      * This is a bit naughty because the attribute should really have at
      * least one value but some types use and zero length SET and require
@@ -334,7 +331,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
             goto err;
     } else
         ASN1_TYPE_set(ttmp, atype, stmp);
-    if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
+    if (!sk_ASN1_TYPE_push(attr->set, ttmp))
         goto err;
     return 1;
  err:
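Review bot: `sk_ASN1_TYPE_push(attr->set, ttmp)` now depends on `attr->set` already existing, because the previous hunk drops the `sk_ASN1_TYPE_new_null()` call and nothing visible here replaces it. Presumably the stack is created by the SET OF template when the attribute is allocated, and a NULL stack would still fail the push and reach `err`, but that invariant is not stated anywhere in the diff. A one-line comment such as `/* attr->set is allocated by X509_ATTRIBUTE_new() */` before the push would record it; the same applies to the `ret->set` push in X509_ATTRIBUTE_create in x_attrib.c. The function starts before this hunk and the `err` path continues past it, so whether `ttmp` is released on a failed push cannot be checked from here.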
@@ -344,11 +341,9 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
 
 int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
 {
-    if (!attr->single)
-        return sk_ASN1_TYPE_num(attr->value.set);
-    if (attr->value.single)
-        return 1;
-    return 0;
+    if (attr == NULL)
+        return 0;
+    return sk_ASN1_TYPE_num(attr->set);
 }
 
 ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
@@ -375,11 +370,6 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
 ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
 {
     if (attr == NULL)
-        return (NULL);
-    if (idx >= X509_ATTRIBUTE_count(attr))
         return NULL;
-    if (!attr->single)
-        return sk_ASN1_TYPE_value(attr->value.set, idx);
-    else
-        return attr->value.single;
+    return sk_ASN1_TYPE_value(attr->set, idx);
 }
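Review bot: The explicit `idx >= X509_ATTRIBUTE_count(attr)` test is gone from X509_ATTRIBUTE_get0_type, so an out-of-range or negative `idx` is now rejected only by `sk_ASN1_TYPE_value()` itself. That is safe as long as the stack accessor keeps returning NULL for a bad index, and callers such as X509_ATTRIBUTE_get0_data (outside this hunk) should keep treating NULL as "no such value". I would document the contract on the function, e.g. `/* Returns NULL if attr is NULL or idx is out of range */`.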
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index 5e38f5f..427d8ca 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -74,17 +74,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
 /* a sequence of these are used */
 struct x509_attributes_st {
     ASN1_OBJECT *object;
-    int single;                 /* 0 for a set, 1 for a single item (which is
-                                 * wrong) */
-    union {
-        char *ptr;
-        /*
-         * 0
-         */ STACK_OF(ASN1_TYPE) *set;
-        /*
-         * 1
-         */ ASN1_TYPE *single;
-    } value;
+    STACK_OF(ASN1_TYPE) *set;
 };
 
 struct X509_extension_st {
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index 335a85b..a07a5da 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -69,30 +69,14 @@
  * typedef struct x509_attributes_st
  *      {
  *      ASN1_OBJECT *object;
- *      int single;
- *      union   {
- *              char            *ptr;
- *              STACK_OF(ASN1_TYPE) *set;
- *              ASN1_TYPE       *single;
- *              } value;
+ *      STACK_OF(ASN1_TYPE) *set;
  *      } X509_ATTRIBUTE;
  *
- * this needs some extra thought because the CHOICE type is
- * merged with the main structure and because the value can
- * be anything at all we *must* try the SET OF first because
- * the ASN1_ANY type will swallow anything including the whole
- * SET OF structure.
  */
 
-ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
-        ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
-        ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
-} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
-
 ASN1_SEQUENCE(X509_ATTRIBUTE) = {
         ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
-        /* CHOICE type merged with parent */
-        ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+        ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
 } ASN1_SEQUENCE_END(X509_ATTRIBUTE)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
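Review bot: With `ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)` as the only value template, decoding an attribute whose value is encoded as the bare type will presumably fail where it used to be accepted. The stricter parsing is the stated intent, but the summary of changes lists only three source files, so this commit carries no CHANGES entry and no test that feeds the malformed form and expects rejection. Applications parsing attributes from legacy encoders will see the difference as a decode error, so it is worth recording. The header comment, which starts before this hunk, could also say so with a line like `* Values must be encoded as SET OF; a bare value is rejected.`, and the now-empty ` *` line left before the closing `*/` can go.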
@@ -106,12 +90,9 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
     if ((ret = X509_ATTRIBUTE_new()) == NULL)
         return (NULL);
     ret->object = OBJ_nid2obj(nid);
-    ret->single = 0;
-    if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
-        goto err;
     if ((val = ASN1_TYPE_new()) == NULL)
         goto err;
-    if (!sk_ASN1_TYPE_push(ret->value.set, val))
+    if (!sk_ASN1_TYPE_push(ret->set, val))
         goto err;
 
     ASN1_TYPE_set(val, atrtype, value);

