From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 3 Mar 2025 12:12:04 +0000 (-0500)
Subject: the boolean "true" encoding is fixed, and can be hard-coded
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1a8a967a4d37f78893bc824934635afe27dd69ff;p=thirdparty%2Ffreeradius-server.git

the boolean "true" encoding is fixed, and can be hard-coded
---

diff --git a/src/protocols/der/encode.c b/src/protocols/der/encode.c
index 93791636e6..646f5c8600 100644
--- a/src/protocols/der/encode.c
+++ b/src/protocols/der/encode.c
@@ -1313,29 +1313,15 @@ static ssize_t fr_der_encode_X509_extensions(fr_dbuff_t *dbuff, fr_dcursor_t *cu
 			goto error;
 		}
 
+		/*
+		 *	Encode the critical flag
+		 */
 		if (is_critical) {
 			/*
-			 *	Encode the critical flag
+			 *	Universal+Boolean flag is always 0x01. Length of a boolean is always 0x01.
+			 *	True is always 0xff.
 			 */
-			slen = fr_der_encode_tag(&our_dbuff, FR_DER_TAG_BOOLEAN, FR_DER_CLASS_UNIVERSAL,
-						 FR_DER_TAG_PRIMITIVE);
-			if (slen < 0) {
-				fr_dbuff_marker_release(&inner_seq_len_start);
-				goto error;
-			}
-
-			fr_dbuff_marker(&length_start, &our_dbuff);
-			FR_DBUFF_ADVANCE_RETURN(&our_dbuff, 1);
-
-			FR_DBUFF_IN_RETURN(&our_dbuff, (uint8_t)(0xff));
-
-			slen = fr_der_encode_len(&our_dbuff, &length_start);
-			fr_dbuff_marker_release(&length_start);
-			if (slen < 0) {
-				fr_dbuff_marker_release(&inner_seq_len_start);
-				goto error;
-			}
-
+			FR_DBUFF_IN_BYTES_RETURN(&our_dbuff, (uint8_t) 0x01, (uint8_t) 0x01, (uint8_t)(0xff));
 			is_critical--;
 		}