Unwind ASN1_TFLG_NDEF.
Sadly we need to keep ASN1_put_eoc. Ruby uses it.
OpenSSL's PKCS#7 implementation generated an "ndef" variant of the
encoding functions, to request indefinite-length encoding. Remove the
support code for this.
Update-Note: Types that use one of the NDEF macros in asn1t.h will fail
to compile. This CL should not affect certificate parsing.
Change-Id: I6e03f6927ea4b7a6acd73ac58bf49512b39baab8
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43889
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 128d28f..481a4d7 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -251,6 +251,8 @@
int ASN1_put_eoc(unsigned char **pp)
{
+ /* This function is no longer used in the library, but some external code
+ * uses it. */
unsigned char *p = *pp;
*p++ = 0;
*p++ = 0;
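Review bot: The comment added at the top of ASN1_put_eoc explains why the function is kept but not what its callers must guarantee. The visible body writes two zero bytes through `*pp` and takes no length argument, so the only bounds check is whatever the external caller performs. Since the function now exists purely for outside code, I would put that contract in the comment, e.g. `/* Kept for external callers only. The caller must ensure at least two writable bytes at |*pp|. */`. The rest of the function body is outside the hunk.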
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 375d103..1512bfc 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -307,7 +307,6 @@
*in = p;
return 1;
- case ASN1_ITYPE_NDEF_SEQUENCE:
case ASN1_ITYPE_SEQUENCE:
p = *in;
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 7487833..c02f3c5 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -76,16 +76,9 @@
const ASN1_ITEM *it, int flags);
/*
- * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use
- * indefinite length constructed encoding, where appropriate
+ * Top level i2d equivalents
*/
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
- const ASN1_ITEM *it)
-{
- return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
-}
-
int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
{
return asn1_item_flags_i2d(val, out, it, 0);
@@ -128,7 +121,7 @@
const ASN1_ITEM *it, int tag, int aclass)
{
const ASN1_TEMPLATE *tt = NULL;
- int i, seqcontlen, seqlen, ndef = 1;
+ int i, seqcontlen, seqlen;
const ASN1_EXTERN_FUNCS *ef;
const ASN1_AUX *aux = it->funcs;
ASN1_aux_cb *asn1_cb = 0;
@@ -172,12 +165,6 @@
ef = it->funcs;
return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
- case ASN1_ITYPE_NDEF_SEQUENCE:
- /* Use indefinite length constructed if requested */
- if (aclass & ASN1_TFLG_NDEF)
- ndef = 2;
- OPENSSL_FALLTHROUGH;
-
case ASN1_ITYPE_SEQUENCE:
i = asn1_enc_restore(&seqcontlen, out, pval, it);
/* An error occurred */
@@ -212,11 +199,11 @@
seqcontlen += tmplen;
}
- seqlen = ASN1_object_size(ndef, seqcontlen, tag);
+ seqlen = ASN1_object_size(/*constructed=*/1, seqcontlen, tag);
if (!out || seqlen == -1)
return seqlen;
/* Output SEQUENCE header */
- ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
+ ASN1_put_object(out, /*constructed=*/1, seqcontlen, tag, aclass);
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval;
@@ -227,8 +214,6 @@
/* FIXME: check for errors in enhanced version */
asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
}
- if (ndef == 2)
- ASN1_put_eoc(out);
if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
return 0;
return seqlen;
@@ -243,7 +228,7 @@
static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
const ASN1_TEMPLATE *tt, int tag, int iclass)
{
- int i, ret, flags, ttag, tclass, ndef;
+ int i, ret, flags, ttag, tclass;
size_t j;
flags = tt->flags;
/*
@@ -279,12 +264,6 @@
* class and iclass is any flags passed to this function.
*/
- /* if template and arguments require ndef, use it */
- if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
- ndef = 2;
- else
- ndef = 1;
-
if (flags & ASN1_TFLG_SK_MASK) {
/* SET OF, SEQUENCE OF */
STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
@@ -329,12 +308,12 @@
return -1;
skcontlen += tmplen;
}
- sklen = ASN1_object_size(ndef, skcontlen, sktag);
+ sklen = ASN1_object_size(/*constructed=*/1, skcontlen, sktag);
if (sklen == -1)
return -1;
/* If EXPLICIT need length of surrounding tag */
if (flags & ASN1_TFLG_EXPTAG)
- ret = ASN1_object_size(ndef, sklen, ttag);
+ ret = ASN1_object_size(/*constructed=*/1, sklen, ttag);
else
ret = sklen;
@@ -344,18 +323,12 @@
/* Now encode this lot... */
/* EXPLICIT tag */
if (flags & ASN1_TFLG_EXPTAG)
- ASN1_put_object(out, ndef, sklen, ttag, tclass);
+ ASN1_put_object(out, /*constructed=*/1, sklen, ttag, tclass);
/* SET or SEQUENCE and IMPLICIT tag */
- ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
+ ASN1_put_object(out, /*constructed=*/1, skcontlen, sktag, skaclass);
/* And the stuff itself */
asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
isset, iclass);
- if (ndef == 2) {
- ASN1_put_eoc(out);
- if (flags & ASN1_TFLG_EXPTAG)
- ASN1_put_eoc(out);
- }
-
return ret;
}
@@ -366,13 +339,11 @@
if (!i)
return 0;
/* Find length of EXPLICIT tag */
- ret = ASN1_object_size(ndef, i, ttag);
+ ret = ASN1_object_size(/*constructed=*/1, i, ttag);
if (out && ret != -1) {
/* Output tag and item */
- ASN1_put_object(out, ndef, i, ttag, tclass);
+ ASN1_put_object(out, /*constructed=*/1, i, ttag, tclass);
ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);
- if (ndef == 2)
- ASN1_put_eoc(out);
}
return ret;
}
@@ -471,7 +442,6 @@
int len;
int utype;
int usetag;
- int ndef = 0;
utype = it->utype;
@@ -497,12 +467,6 @@
if (len == -1)
return 0;
- /* -2 return is special meaning use ndef */
- if (len == -2) {
- ndef = 2;
- len = 0;
- }
-
/* If not implicitly tagged get tag from underlying type */
if (tag == -1)
tag = utype;
@@ -510,16 +474,13 @@
/* Output tag+length followed by content octets */
if (out) {
if (usetag)
- ASN1_put_object(out, ndef, len, tag, aclass);
+ ASN1_put_object(out, /*constructed=*/0, len, tag, aclass);
asn1_ex_i2c(pval, *out, &utype, it);
- if (ndef)
- ASN1_put_eoc(out);
- else
- *out += len;
+ *out += len;
}
if (usetag)
- return ASN1_object_size(ndef, len, tag);
+ return ASN1_object_size(/*constructed=*/0, len, tag);
return len;
}
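Review bot: `*out += len` is now unconditional, so this path depends on asn1_ex_i2c returning either -1 or a non-negative length, and the -2 sentinel that used to be caught before this point is gone. The only guard I can see is the `len == -1` check in the previous hunk; any other negative value would be passed to ASN1_put_object and would move `*out` backwards. asn1_ex_i2c is mostly outside the visible hunks, so the invariant may already hold. A one-line comment at the check, such as `/* asn1_ex_i2c returns -1 or a non-negative content length. */`, would record the contract now that -2 is retired. The function starts outside this hunk.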
@@ -626,16 +587,6 @@
default:
/* All based on ASN1_STRING and handled the same */
strtmp = (ASN1_STRING *)*pval;
- /* Special handling for NDEF */
- if ((it->size == ASN1_TFLG_NDEF)
- && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) {
- if (cout) {
- strtmp->data = cout;
- strtmp->length = 0;
- }
- /* Special return code */
- return -2;
- }
cont = strtmp->data;
len = strtmp->length;
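Review bot: Code that still sets ASN1_STRING_FLAG_NDEF on a string will now get an ordinary definite-length encoding with no error, because the branch removed here was the only place in these hunks where the flag was read, and none of the visible asn1.h hunks remove its definition. The Update-Note covers the NDEF macros in asn1t.h, which fail at compile time, but not this flag. If the define stays for source compatibility, I would say so next to it, e.g. `/* ASN1_STRING_FLAG_NDEF is ignored; indefinite-length encoding is no longer supported. */`; otherwise remove it in the same change so stale users fail to build. The enclosing switch starts and ends outside the hunk.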
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index 82431d7..78d6626 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -129,7 +129,6 @@
ef->asn1_ex_free(pval, it);
break;
- case ASN1_ITYPE_NDEF_SEQUENCE:
case ASN1_ITYPE_SEQUENCE:
if (!asn1_refcount_dec_and_test_zero(pval, it))
return;
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index 5f7f94e..139a044 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -154,7 +154,6 @@
goto auxerr2;
break;
- case ASN1_ITYPE_NDEF_SEQUENCE:
case ASN1_ITYPE_SEQUENCE:
if (asn1_cb) {
i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
@@ -240,7 +239,6 @@
case ASN1_ITYPE_CHOICE:
case ASN1_ITYPE_SEQUENCE:
- case ASN1_ITYPE_NDEF_SEQUENCE:
*pval = NULL;
break;
}
diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.c
index 7c5bfd5..44399ea 100644
--- a/crypto/asn1/tasn_typ.c
+++ b/crypto/asn1/tasn_typ.c
@@ -117,8 +117,6 @@
/* Special, OCTET STRING with indefinite length constructed support */
-IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
-
ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) =
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY)
ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY)
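Review bot: The comment `/* Special, OCTET STRING with indefinite length constructed support */` is left behind as context after the `ASN1_OCTET_STRING_NDEF` definition it described was removed. It now sits directly above `ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY)` and reads as if it documents that template. I would delete the comment line together with the definition.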
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index a7516f6..91e0842 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -91,8 +91,7 @@
static CRYPTO_refcount_t *asn1_get_references(ASN1_VALUE **pval,
const ASN1_ITEM *it) {
- if (it->itype != ASN1_ITYPE_SEQUENCE &&
- it->itype != ASN1_ITYPE_NDEF_SEQUENCE) {
+ if (it->itype != ASN1_ITYPE_SEQUENCE) {
return NULL;
}
const ASN1_AUX *aux = it->funcs;
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index 0cffd57..b6d1441 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -280,9 +280,6 @@
OPENSSL_EXPORT int i2d_##name(const type *a, unsigned char **out); \
DECLARE_ASN1_ITEM(name)
-#define DECLARE_ASN1_NDEF_FUNCTION(name) \
- OPENSSL_EXPORT int i2d_##name##_NDEF(name *a, unsigned char **out);
-
#define DECLARE_ASN1_FUNCTIONS_const(name) \
DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
@@ -707,8 +704,6 @@
DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
-DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
-
OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t, int offset_day, long offset_sec);
OPENSSL_EXPORT int ASN1_TIME_check(const ASN1_TIME *t);
@@ -789,7 +784,6 @@
OPENSSL_EXPORT void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
OPENSSL_EXPORT ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it);
OPENSSL_EXPORT int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-OPENSSL_EXPORT int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
index 540ca06..7e55ecd 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -141,12 +141,6 @@
#stname \
ASN1_ITEM_end(tname)
-#define ASN1_NDEF_SEQUENCE(tname) \
- ASN1_SEQUENCE(tname)
-
-#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
- ASN1_SEQUENCE_cb(tname, cb)
-
#define ASN1_SEQUENCE_cb(tname, cb) \
static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \
ASN1_SEQUENCE(tname)
@@ -159,18 +153,6 @@
static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, cb, offsetof(tname, enc)}; \
ASN1_SEQUENCE(tname)
-#define ASN1_NDEF_SEQUENCE_END(tname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_NDEF_SEQUENCE,\
- V_ASN1_SEQUENCE,\
- tname##_seq_tt,\
- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
- NULL,\
- sizeof(tname),\
- #tname \
- ASN1_ITEM_end(tname)
-
#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
@@ -187,18 +169,6 @@
#stname \
ASN1_ITEM_end(tname)
-#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_NDEF_SEQUENCE,\
- V_ASN1_SEQUENCE,\
- tname##_seq_tt,\
- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
- &tname##_aux,\
- sizeof(stname),\
- #stname \
- ASN1_ITEM_end(tname)
-
/* This pair helps declare a CHOICE type. We can do:
*
@@ -347,14 +317,6 @@
#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
-/* EXPLICIT using indefinite length constructed form */
-#define ASN1_NDEF_EXP(stname, field, type, tag) \
- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
-
-/* EXPLICIT OPTIONAL using indefinite length constructed form */
-#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
-
/* Macros for the ASN1_ADB structure */
#define ASN1_ADB(name) \
@@ -498,13 +460,6 @@
#define ASN1_TFLG_COMBINE (0x1<<10)
-/* This flag when present in a SEQUENCE OF, SET OF
- * or EXPLICIT causes indefinite length constructed
- * encoding to be used if required.
- */
-
-#define ASN1_TFLG_NDEF (0x1<<11)
-
/* This is the actual ASN1 item itself */
struct ASN1_ITEM_st {
@@ -553,10 +508,6 @@
* has a special meaning, it is used as a mask
* of acceptable types using the B_ASN1 constants.
*
- * NDEF_SEQUENCE is the same as SEQUENCE except
- * that it will use indefinite length constructed
- * encoding if requested.
- *
*/
#define ASN1_ITYPE_PRIMITIVE 0x0
@@ -569,8 +520,6 @@
#define ASN1_ITYPE_MSTRING 0x5
-#define ASN1_ITYPE_NDEF_SEQUENCE 0x6
-
/* Cache for ASN1 tag and length, so we
* don't keep re-reading it for things
* like CHOICE
@@ -771,12 +720,6 @@
return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
}
-#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
- int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
- { \
- return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
- }
-
/* This includes evil casts to remove const: they will go away when full
* ASN1 constification is done.
*/