[openssl-dev] PKCS12 safecontents bag type deviation from spec

[Sands, Daniel]

After noticing that a safecontents bag written to a file was in a
different order than I added them, I did some experimentation and
discovered that it's sorting the list, which led me to notice that it's
defining a safecontentsbag as a SET OF safecontents, which causes
sorting:



ASN1_ADB(PKCS12_SAFEBAG) = {
        ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag,
PKCS8_PRIV_KEY_INFO, 0)),
        ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG,
value.shkeybag, X509_SIG, 0)),
        ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG,
value.safes, PKCS12_SAFEBAG, 0)),
        ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag,
PKCS12_BAGS, 0)),
        ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag,
PKCS12_BAGS, 0)),
        ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag,
PKCS12_BAGS, 0))
} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);




PKCS12 specifies that a safecontents bag is a SEQUENCE OF safecontents,
just like the top-level authsafe is:



SafeContents ::= SEQUENCE OF SafeBag

...

The sixth type of bag that can be held in a SafeBag is a
   SafeContents.




Is the deviation from the spec intentional?