move default to der_attr_flags_t

which means that the default value is in attr_flags

Author: alandekok

share/dictionary/der/dictionary.common

@@ -61,8 +61,7 @@ END DirectoryName
 DEFINE	GeneralSubtree					sequence
 BEGIN GeneralSubtree
 DEFINE	base						sequence        clone=@.GeneralName
-ATTRIBUTE minimum					0	integer		has_default,option,optional
-VALUE	minimum				DEFAULT			0
+ATTRIBUTE minimum					0	integer		option,optional,default=0
 ATTRIBUTE maximum					1	integer		option,optional
 END GeneralSubtree
 

share/dictionary/der/dictionary.extensions

@@ -44,8 +44,7 @@ ATTRIBUTE	issuerAltName				2.5.29.18	group der_type=sequence,sequence_of=choice,
 
 ATTRIBUTE	basicConstraints			2.5.29.19	sequence is_oid_leaf
 BEGIN 2.5.29.19
-DEFINE	cA						boolean has_default
-VALUE	cA				DEFAULT			false
+DEFINE	cA						boolean		default=false
 DEFINE	pathLenConstraint				integer		optional
 END 2.5.29.19
 

share/dictionary/der/dictionary.oids

@@ -13,8 +13,7 @@ ATTRIBUTE	ecPublicKey				1.2.840.10045.2.1	oid     is_oid_leaf
 
 ATTRIBUTE	signatures				1.2.840.10045.4	sequence
 ATTRIBUTE	ecdsa-with-SHA2				1.2.840.10045.4.3	sequence
-ATTRIBUTE	ecdsa-with-SHA384			1.2.840.10045.4.3.3	bool     is_oid_leaf,has_default
-VALUE 1.2.840.10045.4.3.3       DEFAULT false
+ATTRIBUTE	ecdsa-with-SHA384			1.2.840.10045.4.3.3	bool     is_oid_leaf,default=false
 
 ATTRIBUTE	rsadsi					1.2.840.113549	sequence
 ATTRIBUTE	pkcs					1.2.840.113549.1	sequence

src/protocols/der/base.c

@@ -251,11 +251,30 @@ static int dict_flag_class(fr_dict_attr_t **da_p, char const *value, UNUSED fr_d
 	return 0;
 }
 
-static int dict_flag_has_default(fr_dict_attr_t **da_p, UNUSED char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
+static int dict_flag_default_value(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
 {
 	fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
 
-	flags->has_default = true;
+	if (!fr_type_is_leaf((*da_p)->type)) {
+		fr_strerror_printf("Cannot set 'default=...' for attribute %s DER type %s",
+				   (*da_p)->name, fr_der_tag_to_str(flags->der_type));
+		return -1;
+	}
+
+	/*
+	 *	The default values are parented from the dict root.  That way we don't need to copy the values
+	 *	when we clone the attribute, we can just copy the pointer.
+	 */
+	flags->default_value = fr_value_box_alloc(fr_dict_unconst((*da_p)->dict), (*da_p)->type, NULL);
+	if (!flags->default_value) return -1;
+
+	if (fr_value_box_from_str(flags->default_value, flags->default_value, (*da_p)->type, NULL,
+				  value, strlen(value), NULL, false) < 0) {
+		fr_strerror_printf("Failed parsing 'value=...' - %s", fr_strerror());
+		return -1;
+	}
+
+	flags->has_default_value = true;
 
 	return 0;
 }
@@ -587,8 +606,8 @@ static int dict_flag_optional(fr_dict_attr_t **da_p, UNUSED char const *value, U
 
 static const fr_dict_flag_parser_t  der_flags[] = {
 	{ L("class"),		{ .func = dict_flag_class } },
+	{ L("default"),		{ .func = dict_flag_default_value,.needs_value = true } },
 	{ L("der_type"),	{ .func = dict_flag_der_type, .needs_value = true } },
-	{ L("has_default"),	{ .func = dict_flag_has_default } },
 	{ L("is_extensions"),	{ .func = dict_flag_is_extensions } },
 	{ L("is_oid_leaf"),	{ .func = dict_flag_is_oid_leaf } },
 	{ L("max"),		{ .func = dict_flag_max, .needs_value = true } },

src/protocols/der/decode.c

@@ -2428,9 +2428,8 @@ static ssize_t fr_der_decode_pair_dbuff(TALLOC_CTX *ctx, fr_pair_list_t *out, fr
 	 */
 	if (unlikely(slen == 0)) {
 		fr_pair_t	     *vp;
-		fr_dict_enum_value_t *ev;
 
-		if (likely(!flags->has_default)) return 0;
+		if (likely(!flags->has_default_value)) return 0;
 
 	create_default:
 		vp = fr_pair_afrom_da(ctx, parent);
@@ -2439,16 +2438,11 @@ static ssize_t fr_der_decode_pair_dbuff(TALLOC_CTX *ctx, fr_pair_list_t *out, fr
 			return -1;
 		}
 
-		ev = fr_dict_enum_by_name(parent, "DEFAULT", strlen("DEFAULT"));
-		if (unlikely(ev == NULL)) {
-			fr_strerror_printf_push("No DEFAULT value for attribute %s", parent->name);
-		error:
+		if (fr_value_box_copy(vp, &vp->data, flags->default_value) < 0) {
 			talloc_free(vp);
 			return -1;
 		}
 
-		if (fr_value_box_copy(vp, &vp->data, ev->value) < 0) goto error;
-
 		vp->data.enumv = vp->da;
 
 		fr_pair_append(out, vp);
@@ -2497,7 +2491,7 @@ static ssize_t fr_der_decode_pair_dbuff(TALLOC_CTX *ctx, fr_pair_list_t *out, fr
 	 *	NULL.
 	 */
 	if (unlikely(fr_dbuff_remaining(&our_in) == 0)) {
-		if (flags->has_default) goto create_default;
+		if (flags->has_default_value) goto create_default;
 
 		if (tag == FR_DER_TAG_NULL) {
 			func = &tag_funcs[FR_DER_TAG_NULL];
@@ -2531,7 +2525,7 @@ static ssize_t fr_der_decode_pair_dbuff(TALLOC_CTX *ctx, fr_pair_list_t *out, fr
 		/*
 		 *	Optional or not, if we can create a default value, then do so.
 		 */
-		if (flags->has_default) goto create_default;
+		if (flags->has_default_value) goto create_default;
 
 		/*
 		 *	Optional means "decoded nothing".  Otherwise it's a hard failure.

src/protocols/der/der.h

@@ -27,7 +27,7 @@
 
 #include <freeradius-devel/build.h>
 #include <freeradius-devel/util/dict.h>
-#include <freeradius-devel/util/types.h>
+#include <freeradius-devel/util/value.h>
 
 extern HIDDEN fr_dict_t const *dict_der;
 
@@ -98,6 +98,7 @@ typedef struct {
 	union {
 		fr_der_tag_t 		sequence_of;
 		fr_der_tag_t 		set_of;
+		fr_value_box_t		*default_value;
 	};
 	uint64_t 		max;			//!< maximum count of items in a sequence, set, or string.
 	uint32_t		restrictions;		//!< for choice of options and tags - no dups allowed
@@ -107,13 +108,14 @@ typedef struct {
 	bool			optional : 1;		//!< optional, we MUST already have set 'option'
 	bool			is_sequence_of : 1;	//!< sequence_of has been defined
 	bool 			is_set_of : 1;		//!< set_of has been defined
-	bool 			is_oid_and_value : 1;		//!< is OID+value
+	bool 			is_oid_and_value : 1;	//!< is OID+value
 	bool 			is_extensions : 1;	//!< a list of X.509 extensions
-	bool 			has_default : 1;	//!< a default value exists
+	bool			has_default_value : 1;	//!< a default value exists
 	bool 			is_oid_leaf : 1;
 	bool			is_choice : 1;		//!< DER name "choice".
 } fr_der_attr_flags_t;
 
+
 static inline fr_der_attr_flags_t const *fr_der_attr_flags(fr_dict_attr_t const *da)
 {
 	return fr_dict_attr_ext(da, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
@@ -130,7 +132,7 @@ static inline fr_der_attr_flags_t const *fr_der_attr_flags(fr_dict_attr_t const
 #define fr_der_flag_max(_da) 		(fr_der_attr_flags(_da)->max)
 #define fr_der_flag_is_oid_and_value(_da) (fr_der_attr_flags(_da)->is_oid_and_value)
 #define fr_der_flag_is_extensions(_da) 	(fr_der_attr_flags(_da)->is_extensions)
-#define fr_der_flag_has_default(_da) 	(fr_der_attr_flags(_da)->has_default)
+#define fr_der_flag_has_default_value(_da) 	((fr_der_attr_flags(_da)->has_default_value) != NULL);
 #define fr_der_flag_is_oid_leaf(_da) 	(fr_der_attr_flags(_da)->is_oid_leaf)
 #define fr_der_flag_is_choice(_da) 	(fr_der_attr_flags(_da)->is_choice)
 

src/protocols/der/encode.c

@@ -1865,19 +1865,11 @@ static ssize_t encode_value(fr_dbuff_t *dbuff, UNUSED fr_da_stack_t *da_stack, U
 	 *
 	 */
 
-	if (flags->has_default) {
+	if (flags->has_default_value) {
 		/*
 		 *	Skip encoding the default value, as per ISO/IEC 8825-1:2021 11.5
 		 */
-		fr_dict_enum_value_t const *evp;
-
-		evp = fr_dict_enum_by_name(vp->da, "DEFAULT", strlen("DEFAULT"));
-		if (unlikely(!evp)) {
-			fr_strerror_printf("No default value for %s", vp->da->name);
-			return -1;
-		}
-
-		if (fr_value_box_cmp(&vp->data, evp->value) == 0) {
+		if (fr_value_box_cmp(&vp->data, flags->default_value) == 0) {
 			FR_PROTO_TRACE("Skipping default value");
 			fr_dcursor_next(cursor);
 			return 0;

src/tests/unit/protocols/der/base.txt

@@ -195,10 +195,10 @@ decode-pair 30 06 02 01 09 01 01 FF
 match Foo-Bar = { Test-Integer = 9, Test-Boolean = yes }
 
 decode-pair 30 06 02 01 01 01 01 FF
-match Foo-Bar = { Test-Integer = ::DEFAULT, Test-Boolean = yes }
+match Foo-Bar = { Test-Integer = 1, Test-Boolean = yes }
 
 decode-pair 30 03 01 01 FF
-match Foo-Bar = { Test-Integer = ::DEFAULT, Test-Boolean = yes }
+match Foo-Bar = { Test-Integer = 1, Test-Boolean = yes }
 
 decode-pair 30 06 02 01 09 01 01 01
 match Boolean is not correctly DER encoded (0x00 or 0xff).: Failed decoding Foo-Bar

src/tests/unit/protocols/der/dictionary.test

@@ -47,8 +47,7 @@ END Bar
 
 DEFINE	Foo-Bar						sequence
 BEGIN Foo-Bar
-DEFINE		Test-Integer				integer has_default
-VALUE	Test-Integer			DEFAULT			1
+DEFINE		Test-Integer				integer default=1
 DEFINE		Test-Boolean				bool
 END Foo-Bar