提交 34a42e14 编写于 作者: D Dr. Stephen Henson

embed CRL serial number and signature fields

Reviewed-by: NRich Salz <rsalz@openssl.org>
上级 81e49438
......@@ -121,7 +121,7 @@ struct X509_crl_info_st {
struct X509_crl_st {
X509_CRL_INFO crl; /* signed CRL data */
X509_ALGOR sig_alg; /* CRL signature algorithm */
ASN1_BIT_STRING *signature; /* CRL signature */
ASN1_BIT_STRING signature; /* CRL signature */
int references;
int flags;
/*
......@@ -145,7 +145,7 @@ struct X509_crl_st {
};
struct x509_revoked_st {
ASN1_INTEGER *serialNumber; /* revoked entry serial number */
ASN1_INTEGER serialNumber; /* revoked entry serial number */
ASN1_TIME *revocationDate; /* revocation date */
STACK_OF(X509_EXTENSION) *extensions; /* CRL entry extensions: optional */
/* decoded value of CRLissuer extension: set if indirect CRL */
......
......@@ -2088,7 +2088,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
* Add only if not also in base. TODO: need something cleverer here
* for some more complex CRLs covering multiple CAs.
*/
if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) {
if (!X509_CRL_get0_by_serial(base, &rvtmp, &rvn->serialNumber)) {
rvtmp = X509_REVOKED_dup(rvn);
if (!rvtmp)
goto memerr;
......
......@@ -172,7 +172,7 @@ void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
X509_CRL *crl)
{
if (psig != NULL)
*psig = crl->signature;
*psig = &crl->signature;
if (palg != NULL)
*palg = &crl->sig_alg;
}
......@@ -206,7 +206,7 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
ASN1_INTEGER *X509_REVOKED_get0_serialNumber(X509_REVOKED *x)
{
return x->serialNumber;
return &x->serialNumber;
}
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
......@@ -215,15 +215,10 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
if (x == NULL)
return (0);
in = x->serialNumber;
if (in != serial) {
in = ASN1_INTEGER_dup(serial);
if (in != NULL) {
ASN1_INTEGER_free(x->serialNumber);
x->serialNumber = in;
}
}
return (in != NULL);
in = &x->serialNumber;
if (in != serial)
return ASN1_STRING_copy(in, serial);
return 1;
}
STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r)
......
......@@ -131,14 +131,14 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
{
x->crl.enc.modified = 1;
return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
&x->sig_alg, x->signature, &x->crl, pkey, md));
&x->sig_alg, &x->signature, &x->crl, pkey, md));
}
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
{
x->crl.enc.modified = 1;
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
&x->crl.sig_alg, &x->sig_alg, x->signature,
&x->crl.sig_alg, &x->sig_alg, &x->signature,
&x->crl, ctx);
}
......
......@@ -69,7 +69,7 @@ static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
ASN1_SEQUENCE(X509_REVOKED) = {
ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
ASN1_EMBED(X509_REVOKED,serialNumber, ASN1_INTEGER),
ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
} ASN1_SEQUENCE_END(X509_REVOKED)
......@@ -333,7 +333,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO),
ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR),
ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
ASN1_EMBED(X509_CRL, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
......@@ -349,8 +349,8 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
const X509_REVOKED *const *b)
{
return (ASN1_STRING_cmp((ASN1_STRING *)(*a)->serialNumber,
(ASN1_STRING *)(*b)->serialNumber));
return (ASN1_STRING_cmp((ASN1_STRING *)&(*a)->serialNumber,
(ASN1_STRING *)&(*b)->serialNumber));
}
int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
......@@ -394,7 +394,7 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
{
return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
&crl->sig_alg, crl->signature, &crl->crl, r));
&crl->sig_alg, &crl->signature, &crl->crl, r));
}
static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
......@@ -430,7 +430,7 @@ static int def_crl_lookup(X509_CRL *crl,
{
X509_REVOKED rtmp, *rev;
int idx;
rtmp.serialNumber = serial;
rtmp.serialNumber = *serial;
/*
* Sort revoked into serial number order if not already sorted. Do this
* under a lock to avoid race condition.
......@@ -446,7 +446,7 @@ static int def_crl_lookup(X509_CRL *crl,
/* Need to look for matching name */
for (; idx < sk_X509_REVOKED_num(crl->crl.revoked); idx++) {
rev = sk_X509_REVOKED_value(crl->crl.revoked, idx);
if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
if (ASN1_INTEGER_cmp(&rev->serialNumber, serial))
return 0;
if (crl_revoked_issuer_match(crl, issuer, rev)) {
if (ret)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册