[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Wed Mar 25 15:47:30 UTC 2015
The branch master has been updated
via e20b57270dece66ce2c68aeb5d14dd6d9f3c5d68 (commit)
from ca3a82c3b364e1e584546f0f3bbb938b0b472580 (commit)
- Log -----------------------------------------------------------------
commit e20b57270dece66ce2c68aeb5d14dd6d9f3c5d68
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Mar 25 15:08:55 2015 +0000
Remove X509_ATTRIBUTE hack.
The X509_ATTRIBUTE structure includes a hack to tolerate malformed
attributes that encode as the type instead of SET OF type. This form
is never created by OpenSSL and shouldn't be needed any more.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_att.c | 20 +++++---------------
crypto/x509/x509_lcl.h | 12 +-----------
crypto/x509/x_attrib.c | 25 +++----------------------
3 files changed, 9 insertions(+), 48 deletions(-)
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index 212c422..292546b 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -317,9 +317,6 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
goto err;
atype = attrtype;
}
- if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
- goto err;
- attr->single = 0;
/*
* This is a bit naughty because the attribute should really have at
* least one value but some types use and zero length SET and require
@@ -334,7 +331,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
goto err;
} else
ASN1_TYPE_set(ttmp, atype, stmp);
- if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
+ if (!sk_ASN1_TYPE_push(attr->set, ttmp))
goto err;
return 1;
err:
@@ -344,11 +341,9 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
{
- if (!attr->single)
- return sk_ASN1_TYPE_num(attr->value.set);
- if (attr->value.single)
- return 1;
- return 0;
+ if (attr == NULL)
+ return 0;
+ return sk_ASN1_TYPE_num(attr->set);
}
ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
@@ -375,11 +370,6 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
{
if (attr == NULL)
- return (NULL);
- if (idx >= X509_ATTRIBUTE_count(attr))
return NULL;
- if (!attr->single)
- return sk_ASN1_TYPE_value(attr->value.set, idx);
- else
- return attr->value.single;
+ return sk_ASN1_TYPE_value(attr->set, idx);
}
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index 5e38f5f..427d8ca 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -74,17 +74,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
/* a sequence of these are used */
struct x509_attributes_st {
ASN1_OBJECT *object;
- int single; /* 0 for a set, 1 for a single item (which is
- * wrong) */
- union {
- char *ptr;
- /*
- * 0
- */ STACK_OF(ASN1_TYPE) *set;
- /*
- * 1
- */ ASN1_TYPE *single;
- } value;
+ STACK_OF(ASN1_TYPE) *set;
};
struct X509_extension_st {
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index 335a85b..a07a5da 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -69,30 +69,14 @@
* typedef struct x509_attributes_st
* {
* ASN1_OBJECT *object;
- * int single;
- * union {
- * char *ptr;
- * STACK_OF(ASN1_TYPE) *set;
- * ASN1_TYPE *single;
- * } value;
+ * STACK_OF(ASN1_TYPE) *set;
* } X509_ATTRIBUTE;
*
- * this needs some extra thought because the CHOICE type is
- * merged with the main structure and because the value can
- * be anything at all we *must* try the SET OF first because
- * the ASN1_ANY type will swallow anything including the whole
- * SET OF structure.
*/
-ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
- ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
- ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
-} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
-
ASN1_SEQUENCE(X509_ATTRIBUTE) = {
ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
- /* CHOICE type merged with parent */
- ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+ ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
@@ -106,12 +90,9 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
if ((ret = X509_ATTRIBUTE_new()) == NULL)
return (NULL);
ret->object = OBJ_nid2obj(nid);
- ret->single = 0;
- if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
- goto err;
if ((val = ASN1_TYPE_new()) == NULL)
goto err;
- if (!sk_ASN1_TYPE_push(ret->value.set, val))
+ if (!sk_ASN1_TYPE_push(ret->set, val))
goto err;
ASN1_TYPE_set(val, atrtype, value);
More information about the openssl-commits
mailing list