From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 13 Aug 2021 11:01:37 +0000 (+0200)
Subject: Revert "ASN.1: Refuse to encode to DER if non-optional items are missing"
X-Git-Tag: OpenSSL_1_1_1l~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=331c4b59077603c88d27f9ab663d86843339d034;p=thirdparty%2Fopenssl.git

Revert "ASN.1: Refuse to encode to DER if non-optional items are missing"

This reverts commit 006906cddda37e24a66443199444ef4476697477.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16308)
---

diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 6eb300a21ed..bcc96337bca 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -213,7 +213,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
 static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                                 const ASN1_TEMPLATE *tt, int tag, int iclass)
 {
-    int i, ret, flags, ttag, tclass, ndef, len;
+    int i, ret, flags, ttag, tclass, ndef;
     ASN1_VALUE *tval;
     flags = tt->flags;
 
@@ -300,17 +300,13 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
         /* Determine total length of items */
         skcontlen = 0;
         for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            int tmplen;
             skitem = sk_ASN1_VALUE_value(sk, i);
-            len = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
-                                   -1, iclass);
-            if (len == -1 || (skcontlen > INT_MAX - len))
-                return -1;
-            if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) {
-                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_I2D,
-                        ASN1_R_ILLEGAL_ZERO_CONTENT);
+            tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
+                                      -1, iclass);
+            if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
                 return -1;
-            }
-            skcontlen += len;
+            skcontlen += tmplen;
         }
         sklen = ASN1_object_size(ndef, skcontlen, sktag);
         if (sklen == -1)
@@ -348,10 +344,6 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
         i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass);
         if (!i)
             return 0;
-        if (i == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) {
-            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_I2D, ASN1_R_ILLEGAL_ZERO_CONTENT);
-            return -1;
-        }
         /* Find length of EXPLICIT tag */
         ret = ASN1_object_size(ndef, i, ttag);
         if (out && ret != -1) {
@@ -365,13 +357,9 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
     }
 
     /* Either normal or IMPLICIT tagging: combine class and flags */
-    len = ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
-                              ttag, tclass | iclass);
-    if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) {
-        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_I2D, ASN1_R_ILLEGAL_ZERO_CONTENT);
-        return -1;
-    }
-    return len;
+    return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+                            ttag, tclass | iclass);
+
 }
 
 /* Temporary structure used to hold DER encoding of items for SET OF */