Remove the redundant idp_reasons field
This is part of onlySomeReasons handling, which was removed with
extended CRL support. Demonstrating that the code to be removed is a
no-op takes a few steps, so I'm splitting this into a couple CLs for
ease of review.
First, every CRL either has IDP_REASONS set, or idp_reasons is
CRLDP_ALL_REASONS. The only thing that reads idp_reasons is
crl_crldp_check, which is run after get_crl_score skips all IDP_REASONS
certificates. Thus, the field can be assumed to be CRLDP_ALL_REASONS.
Bug: 601
Change-Id: I4d41b5665d35db10dd9752e47553ae90f46f1e44
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/63934
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index 72d0f9b..e56f243 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -218,7 +218,6 @@
ISSUING_DIST_POINT *idp;
// Convenient breakdown of IDP
int idp_flags;
- int idp_reasons;
unsigned char crl_hash[SHA256_DIGEST_LENGTH];
STACK_OF(GENERAL_NAMES) *issuers;
} /* X509_CRL */;
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 1abbc00..c83de7d 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1257,7 +1257,7 @@
return 0;
}
}
- *preasons = crl->idp_reasons;
+ *preasons = CRLDP_ALL_REASONS;
for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
if (crldp_check_crlissuer(dp, crl, crl_score)) {
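Review bot: The new unconditional `*preasons = CRLDP_ALL_REASONS;` is only correct because CRLs carrying onlySomeReasons are filtered out earlier, but nothing at this site records that invariant, so a future reader (or a caller added before get_crl_score) could reasonably assume the CRL's declared reasons are being reported. I would put the reasoning from the commit description next to the assignment: `// CRLs with onlySomeReasons (IDP_REASONS) are rejected in get_crl_score, so any CRL that reaches here covers all reasons.` If this file already uses assert, pinning it with `assert((crl->idp_flags & IDP_REASONS) == 0);` would make the assumption fail loudly rather than silently widen the reason set. The enclosing function starts before the hunk, so I cannot see whether an earlier check already documents this.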
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index e7b5eda..c999523 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -190,7 +190,6 @@
static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg) {
X509_CRL *crl = (X509_CRL *)*pval;
- size_t idx;
int i;
switch (operation) {
@@ -199,7 +198,6 @@
crl->akid = NULL;
crl->flags = 0;
crl->idp_flags = 0;
- crl->idp_reasons = CRLDP_ALL_REASONS;
crl->issuers = NULL;
break;
@@ -248,7 +246,7 @@
// critical sets the flag. This code accesses the X509_CRL structure
// directly: applications shouldn't do this.
const STACK_OF(X509_EXTENSION) *exts = crl->crl->extensions;
- for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
+ for (size_t idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
const X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, idx);
int nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
if (X509_EXTENSION_get_critical(ext)) {
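Review bot: Scoping `idx` to its for loop is the right C99 idiom, but the earlier hunk in crl_cb leaves `int i;` declared at the top of the function while `size_t idx;` was moved, which reads as an inconsistency within the same callback. If `i` is likewise only a loop counter, it could be moved into its loop the same way, `for (int i = 0; ...)`; I cannot confirm that from the hunk because crl_cb continues outside it. Purely a style point, the behavior is unchanged.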
@@ -306,13 +304,6 @@
if (idp->onlysomereasons) {
crl->idp_flags |= IDP_REASONS;
- if (idp->onlysomereasons->length > 0) {
- crl->idp_reasons = idp->onlysomereasons->data[0];
- }
- if (idp->onlysomereasons->length > 1) {
- crl->idp_reasons |= (idp->onlysomereasons->data[1] << 8);
- }
- crl->idp_reasons &= CRLDP_ALL_REASONS;
}
return DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
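Review bot: After the deletion, `if (idp->onlysomereasons) { crl->idp_flags |= IDP_REASONS; }` silently discards the reason bitmask, and the code no longer explains why decoding it is unnecessary; the justification lives only in the commit description. A one-line comment inside the block would keep that rationale with the code: `// The reason codes are not decoded: CRLs with onlySomeReasons are excluded from path validation via IDP_REASONS.` Note that the extension's contents are now accepted without any length or value inspection, which is fine only as long as IDP_REASONS CRLs are never used for revocation checking, so that comment doubles as the invariant a later change must preserve. The enclosing function starts outside the hunk.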