[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Thu Mar 26 22:26:58 UTC 2015
The branch master has been updated
via ee9d76371ae8ea433c19162c2e1522dcd188e556 (commit)
via ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1 (commit)
from dd14f911714da77876a3c17e0168b6afef923be8 (commit)
- Log -----------------------------------------------------------------
commit ee9d76371ae8ea433c19162c2e1522dcd188e556
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu Mar 26 15:39:55 2015 +0000
Remove combine option from ASN.1 code.
Remove the combine option. This was used for compatibility with some
non standard behaviour in ancient versions of OpenSSL: specifically
the X509_ATTRIBUTE and DSAPublicKey handling. Since these have now
been revised it is no longer needed.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu Mar 26 14:35:49 2015 +0000
Simplify DSA public key handling.
DSA public keys could exist in two forms: a single Integer type or a
SEQUENCE containing the parameters and public key with a field called
"write_params" deciding which form to use. These forms are non standard
and were only used by functions containing "DSAPublicKey" in the name.
Simplify code to only use the parameter form and encode the public key
component directly in the DSA public key method.
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/asn1.h | 2 +-
crypto/asn1/asn1_err.c | 2 +-
crypto/asn1/asn1t.h | 14 --------------
crypto/asn1/tasn_fre.c | 28 +++++++---------------------
crypto/asn1/tasn_new.c | 41 ++++++++++++++---------------------------
crypto/asn1/tasn_utl.c | 2 --
crypto/dsa/dsa.h | 1 -
crypto/dsa/dsa_ameth.c | 11 +++++++++--
crypto/dsa/dsa_asn1.c | 9 ++-------
crypto/dsa/dsa_lib.c | 1 -
10 files changed, 34 insertions(+), 77 deletions(-)
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 0cf5c46..141e630 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -973,7 +973,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_ASN1_INTEGER_TO_BN 119
# define ASN1_F_ASN1_ITEM_D2I_FP 206
# define ASN1_F_ASN1_ITEM_DUP 191
-# define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121
+# define ASN1_F_ASN1_ITEM_EX_NEW 121
# define ASN1_F_ASN1_ITEM_EX_D2I 120
# define ASN1_F_ASN1_ITEM_I2D_BIO 192
# define ASN1_F_ASN1_ITEM_I2D_FP 193
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index ff7a2eb..b70ddb7 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -101,7 +101,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
- {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_NEW), "ASN1_ITEM_EX_NEW"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h
index c54d3d4..7a2611e 100644
--- a/crypto/asn1/asn1t.h
+++ b/crypto/asn1/asn1t.h
@@ -299,11 +299,6 @@ extern "C" {
(flags), (tag), offsetof(stname, field),\
#field, ASN1_ITEM_ref(type) }
-/* used when the structure is combined with the parent */
-
-# define ASN1_EX_COMBINE(flags, tag, type) { \
- (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
-
/* implicit and explicit helper macros */
# define ASN1_IMP_EX(stname, field, type, tag, ex) \
@@ -543,15 +538,6 @@ struct ASN1_ADB_TABLE_st {
# define ASN1_TFLG_ADB_INT (0x1<<9)
/*
- * This flag means a parent structure is passed instead of the field: this is
- * useful is a SEQUENCE is being combined with a CHOICE for example. Since
- * this means the structure and item name will differ we need to use the
- * ASN1_CHOICE_END_name() macro for example.
- */
-
-# define ASN1_TFLG_COMBINE (0x1<<10)
-
-/*
* This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes
* indefinite length constructed encoding to be used if required.
*/
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index fd9f046..e846561 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -63,24 +63,15 @@
#include <openssl/objects.h>
#include "asn1_locl.h"
-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
- int combine);
-
/* Free up an ASN1 structure */
void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
{
- asn1_item_combine_free(&val, it, 0);
+ ASN1_item_ex_free(&val, it);
}
void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
- asn1_item_combine_free(pval, it, 0);
-}
-
-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
- int combine)
-{
const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef;
const ASN1_AUX *aux = it->funcs;
@@ -125,10 +116,8 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
}
if (asn1_cb)
asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
- if (!combine) {
- OPENSSL_free(*pval);
- *pval = NULL;
- }
+ OPENSSL_free(*pval);
+ *pval = NULL;
break;
case ASN1_ITYPE_EXTERN:
@@ -163,10 +152,8 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
}
if (asn1_cb)
asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
- if (!combine) {
- OPENSSL_free(*pval);
- *pval = NULL;
- }
+ OPENSSL_free(*pval);
+ *pval = NULL;
break;
}
}
@@ -180,13 +167,12 @@ void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i);
- asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
+ ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
}
sk_ASN1_VALUE_free(sk);
*pval = NULL;
} else {
- asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
- tt->flags & ASN1_TFLG_COMBINE);
+ ASN1_item_ex_free(pval, ASN1_ITEM_ptr(tt->item));
}
}
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index b1f4da2..1b36ecc 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -65,8 +65,6 @@
#include <string.h>
#include "asn1_locl.h"
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
- int combine);
static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
@@ -85,12 +83,6 @@ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
- return asn1_item_ex_combine_new(pval, it, 0);
-}
-
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
- int combine)
-{
const ASN1_TEMPLATE *tt = NULL;
const ASN1_EXTERN_FUNCS *ef;
const ASN1_AUX *aux = it->funcs;
@@ -102,8 +94,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
else
asn1_cb = 0;
- if (!combine)
- *pval = NULL;
+ *pval = NULL;
#ifdef CRYPTO_MDEBUG
if (it->sname)
@@ -146,12 +137,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 1;
}
}
- if (!combine) {
- *pval = OPENSSL_malloc(it->size);
- if (!*pval)
- goto memerr;
- memset(*pval, 0, it->size);
- }
+ *pval = OPENSSL_malloc(it->size);
+ if (!*pval)
+ goto memerr;
+ memset(*pval, 0, it->size);
asn1_set_choice_selector(pval, -1, it);
if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
goto auxerr;
@@ -171,14 +160,12 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 1;
}
}
- if (!combine) {
- *pval = OPENSSL_malloc(it->size);
- if (!*pval)
- goto memerr;
- memset(*pval, 0, it->size);
- asn1_do_lock(pval, 0, it);
- asn1_enc_init(pval, it);
- }
+ *pval = OPENSSL_malloc(it->size);
+ if (!*pval)
+ goto memerr;
+ memset(*pval, 0, it->size);
+ asn1_do_lock(pval, 0, it);
+ asn1_enc_init(pval, it);
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
pseqval = asn1_get_field_ptr(pval, tt);
if (!asn1_template_new(pseqval, tt))
@@ -195,7 +182,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 1;
memerr:
- ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
+ ASN1err(ASN1_F_ASN1_ITEM_EX_NEW, ERR_R_MALLOC_FAILURE);
#ifdef CRYPTO_MDEBUG
if (it->sname)
CRYPTO_pop_info();
@@ -203,7 +190,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 0;
auxerr:
- ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
+ ASN1err(ASN1_F_ASN1_ITEM_EX_NEW, ASN1_R_AUX_ERROR);
ASN1_item_ex_free(pval, it);
#ifdef CRYPTO_MDEBUG
if (it->sname)
@@ -278,7 +265,7 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
goto done;
}
/* Otherwise pass it back to the item routine */
- ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+ ret = ASN1_item_ex_new(pval, it);
done:
#ifdef CRYPTO_MDEBUG
if (it->sname)
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index da7b029..17318ea 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -202,8 +202,6 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
{
ASN1_VALUE **pvaltmp;
- if (tt->flags & ASN1_TFLG_COMBINE)
- return pval;
pvaltmp = offset2ptr(*pval, tt->offset);
/*
* NOTE for BOOLEAN types the field is just a plain int so we can't
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index 949360f..8fd5596 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -160,7 +160,6 @@ struct dsa_st {
*/
int pad;
long version;
- int write_params;
BIGNUM *p;
BIGNUM *q; /* == 20 */
BIGNUM *g;
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 96d5c5a..65e07fd 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -132,6 +132,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
unsigned char *penc = NULL;
int penclen;
ASN1_STRING *str = NULL;
+ ASN1_INTEGER *pubint = NULL;
dsa = pkey->pkey.dsa;
if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
@@ -149,9 +150,15 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
} else
ptype = V_ASN1_UNDEF;
- dsa->write_params = 0;
+ pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);
- penclen = i2d_DSAPublicKey(dsa, &penc);
+ if (pubint == NULL) {
+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ penclen = i2d_ASN1_INTEGER(pubint, &penc);
+ ASN1_INTEGER_free(pubint);
if (penclen <= 0) {
DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 08ed52b..e7f80a8 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -132,17 +132,12 @@ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
* key as an INTEGER or the parameters and public key in a SEQUENCE
*/
-ASN1_SEQUENCE(dsa_pub_internal) = {
+ASN1_SEQUENCE(DSAPublicKey) = {
ASN1_SIMPLE(DSA, pub_key, BIGNUM),
ASN1_SIMPLE(DSA, p, BIGNUM),
ASN1_SIMPLE(DSA, q, BIGNUM),
ASN1_SIMPLE(DSA, g, BIGNUM)
-} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
-
-ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
- ASN1_SIMPLE(DSA, pub_key, BIGNUM),
- ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
-} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
+} ASN1_SEQUENCE_END_name(DSA, DSAPublicKey)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index bfd9106..c94be9d 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -146,7 +146,6 @@ DSA *DSA_new_method(ENGINE *engine)
ret->pad = 0;
ret->version = 0;
- ret->write_params = 1;
ret->p = NULL;
ret->q = NULL;
ret->g = NULL;
More information about the openssl-commits
mailing list