authorBob Beck <beck@cvs.openbsd.org>2023-05-03 08:10:24 +0000
committerBob Beck <beck@cvs.openbsd.org>2023-05-03 08:10:24 +0000
commit22a5ca92143db02ff5485ae0a67e582cd383126d (patch)
tree74e235e5141d9165bb7a9a2079d14be3a456358a /lib/libcrypto
parent8ca56e6b1f12f37f81caa877bd79d467b434c881 (diff)
Revert utf-8 fix for X509_NAME_get_index_by_NID to avoid libtls
regress for the moment. this will come back after we rethink the failure versus not there case. ok tb@ jsing@
Diffstat (limited to 'lib/libcrypto')
-rw-r--r--lib/libcrypto/man/X509_NAME_get_index_by_NID.330
-rw-r--r--lib/libcrypto/x509/x509name.c37
2 files changed, 20 insertions, 47 deletions
diff --git a/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
index 19a123a4aca..20730fb52a7 100644
--- a/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
+++ b/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_NAME_get_index_by_NID.3,v 1.14 2023/05/02 14:13:05 beck Exp $
+.\" $OpenBSD: X509_NAME_get_index_by_NID.3,v 1.15 2023/05/03 08:10:23 beck Exp $
.\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: May 2 2023 $
+.Dd $Mdocdate: May 3 2023 $
.Dt X509_NAME_GET_INDEX_BY_NID 3
.Os
.Sh NAME
@@ -136,32 +136,22 @@ run from 0 to
.Fn X509_NAME_get_text_by_NID
and
.Fn X509_NAME_get_text_by_OBJ
-retrieve the bytes encoded as UTF-8 from the first entry in
+retrieve the "text" from the first entry in
.Fa name
which matches
.Fa nid
or
.Fa obj .
+At most
+.Fa len
+bytes will be written and the text written to
+.Fa buf
+will be NUL terminated.
If
.Fa buf
is
.Dv NULL ,
nothing is written, but the return value is calculated as usual.
-If
-.Fa buf
-is not
-.Dv NULL ,
-no more than
-.Fa len
-bytes will be written and the text written to
-.Fa buf
-will be NUL terminated.
-.Pp
-Nothing is written and it is a failure if
-.Fa len
-is not large enough to hold the NUL byte terminated UTF-8 encoding of
-the text, or if the UTF-8 encoding ot the text would contins a NUL
-byte.
.Pp
All relevant
.Dv NID_*
@@ -199,8 +189,8 @@ if the index is invalid.
.Fn X509_NAME_get_text_by_NID
and
.Fn X509_NAME_get_text_by_OBJ
-return the length of the output UTF-8 string written, not counting the
-terminating NUL, or -1 in the case of an error or no match being found.
+return the length of the output string written, not counting the
+terminating NUL, or -1 if no match is found.
.Pp
In some cases of failure of
.Fn X509_NAME_get_index_by_NID
diff --git a/lib/libcrypto/x509/x509name.c b/lib/libcrypto/x509/x509name.c
index 319d79d74f0..ecdf473ea92 100644
--- a/lib/libcrypto/x509/x509name.c
+++ b/lib/libcrypto/x509/x509name.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509name.c,v 1.33 2023/05/03 07:13:18 beck Exp $ */
+/* $OpenBSD: x509name.c,v 1.34 2023/05/03 08:10:23 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -66,7 +66,6 @@
#include <openssl/stack.h>
#include <openssl/x509.h>
-#include "bytestring.h"
#include "x509_local.h"
int
@@ -85,37 +84,21 @@ int
X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf,
int len)
{
- unsigned char *text = NULL;
+ int i;
ASN1_STRING *data;
- int i, text_len;
- int ret = -1;
- CBS cbs;
i = X509_NAME_get_index_by_OBJ(name, obj, -1);
if (i < 0)
- goto err;
+ return (-1);
data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
- /*
- * Fail if we cannot encode as UTF-8, or if the UTF-8 encoding of the
- * string contains a 0 byte, because mortal callers seldom handle the
- * length difference correctly
- */
- if ((text_len = ASN1_STRING_to_UTF8(&text, data)) < 0)
- goto err;
- CBS_init(&cbs, text, text_len);
- if (CBS_contains_zero_byte(&cbs))
- goto err;
- /* We still support the "pass NULL to find out how much" API */
- if (buf != NULL) {
- if (len <= 0 || !CBS_write_bytes(&cbs, buf, len - 1, NULL))
- goto err;
- /* It must be a C string */
- buf[text_len] = '\0';
+ i = (data->length > (len - 1)) ? (len - 1) : data->length;
+ if (buf == NULL)
+ return (data->length);
+ if (i >= 0) {
+ memcpy(buf, data->data, i);
+ buf[i] = '\0';
}
- ret = text_len;
- err:
- free(text);
- return (ret);
+ return (i);
}
LCRYPTO_ALIAS(X509_NAME_get_text_by_OBJ);
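Review bot: The restored copy at `memcpy(buf, data->data, i)` writes the raw ASN1_STRING bytes, so an entry holding an embedded 0 byte leaves a `buf` whose C-string length is shorter than the returned length, and a too-small `len` truncates silently while still returning a non-negative value. A caller that then treats `buf` as a C string, for instance to compare a name against an expected value, can only detect either case by checking `strlen(buf)` against the return value and against the full length obtained with a NULL `buf`. Until the stricter behaviour comes back, a comment above the copy would make the contract visible, e.g. `/* Raw bytes, not converted to UTF-8; may be truncated to len - 1 and may contain NULs. */`. Separately, with a non-NULL `buf` and `len <= 0` the function returns `len - 1`, which for `len == 0` equals the -1 the manual documents for "no match"; adding `if (len <= 0) return (-1);` right after the NULL-`buf` return would make that path explicit.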