From: Dr. Stephen Henson Date: Mon, 4 Oct 2004 16:27:36 +0000 (+0000) Subject: Fix race condition when CRL checking is enabled. X-Git-Tag: OpenSSL_0_9_7e~11 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8de8bcbe2cb7a484e445727099e2d32406d1ff7e;p=oweals%2Fopenssl.git Fix race condition when CRL checking is enabled. --- diff --git a/CHANGES b/CHANGES index 4d72b1dbcf..c54bccdd55 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.7d and 0.9.7e [XX xxx XXXX] + *) Avoid a race condition when CRLs are checked in a multi threaded + environment. This would happen due to the reordering of the revoked + entries during signature checking and serial number lookup. Now the + encoding is cached and the serial number sort performed under a lock. + Add new STACK function sk_is_sorted(). + [Steve Henson] + *) Add Delta CRL to the extension code. [Steve Henson] diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 11fce96825..e4d19183ca 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -63,8 +63,6 @@ static int X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b); -static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, - const X509_REVOKED * const *b); ASN1_SEQUENCE(X509_REVOKED) = { ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), @@ -72,43 +70,28 @@ ASN1_SEQUENCE(X509_REVOKED) = { ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) } ASN1_SEQUENCE_END(X509_REVOKED) -/* The X509_CRL_INFO structure needs a bit of customisation. This is actually - * mirroring the old behaviour: its purpose is to allow the use of - * sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately - * this will zap the original order and the signature so we keep a copy - * of the original positions and reorder appropriately before encoding. - * - * Might want to see if there's a better way of doing this later... +/* The X509_CRL_INFO structure needs a bit of customisation. + * Since we cache the original encoding the signature wont be affected by + * reordering of the revoked field. */ static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) { X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; - int i; - int (*old_cmp)(const X509_REVOKED * const *, - const X509_REVOKED * const *); if(!a || !a->revoked) return 1; switch(operation) { - - /* Save original order */ + /* Just set cmp function here. We don't sort because that + * would affect the output of X509_CRL_print(). + */ case ASN1_OP_D2I_POST: - for (i=0; irevoked); i++) - sk_X509_REVOKED_value(a->revoked,i)->sequence=i; sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); break; - - /* Restore original order */ - case ASN1_OP_I2D_PRE: - old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp); - sk_X509_REVOKED_sort(a->revoked); - sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp); - break; } return 1; } -ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = { +ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), @@ -116,7 +99,7 @@ ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = { ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) -} ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO) +} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), @@ -137,12 +120,6 @@ static int X509_REVOKED_cmp(const X509_REVOKED * const *a, (ASN1_STRING *)(*b)->serialNumber)); } -static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, - const X509_REVOKED * const *b) - { - return((*a)->sequence-(*b)->sequence); - } - int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) { X509_CRL_INFO *inf; diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index ed9ed2c23a..bd1121c279 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -113,6 +113,8 @@ STACK_OF(type) \ ((type * (*)(STACK_OF(type) *))sk_pop)(st) #define SKM_sk_sort(type, st) \ ((void (*)(STACK_OF(type) *))sk_sort)(st) +#define SKM_sk_is_sorted(type, st) \ + ((int (*)(const STACK_OF(type) *))sk_is_sorted)(st) #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \ @@ -187,6 +189,8 @@ STACK_OF(type) \ ((type *)sk_pop(st)) #define SKM_sk_sort(type, st) \ sk_sort(st) +#define SKM_sk_is_sorted(type, st) \ + sk_is_sorted(st) #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) @@ -223,6 +227,7 @@ STACK_OF(type) \ #define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) #define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) #define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) @@ -243,6 +248,7 @@ STACK_OF(type) \ #define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) #define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) #define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) #define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) #define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) @@ -263,6 +269,7 @@ STACK_OF(type) \ #define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) #define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) #define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) #define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st)) #define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) @@ -283,6 +290,7 @@ STACK_OF(type) \ #define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) #define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) #define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) #define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st)) #define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) @@ -303,6 +311,7 @@ STACK_OF(type) \ #define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) #define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) #define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) +#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) #define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st)) #define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) @@ -323,6 +332,7 @@ STACK_OF(type) \ #define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) #define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) #define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) #define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st)) #define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) @@ -343,6 +353,7 @@ STACK_OF(type) \ #define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) #define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) #define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) #define sk_BIO_new(st) SKM_sk_new(BIO, (st)) #define sk_BIO_new_null() SKM_sk_new_null(BIO) @@ -363,6 +374,7 @@ STACK_OF(type) \ #define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) #define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) +#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) @@ -383,6 +395,7 @@ STACK_OF(type) \ #define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) #define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) #define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) #define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) #define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) @@ -403,6 +416,7 @@ STACK_OF(type) \ #define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) #define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) #define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) +#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) #define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) #define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) @@ -423,6 +437,7 @@ STACK_OF(type) \ #define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) #define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) #define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) +#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) #define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st)) #define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) @@ -443,6 +458,7 @@ STACK_OF(type) \ #define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) #define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) #define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) +#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) #define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st)) #define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) @@ -463,6 +479,7 @@ STACK_OF(type) \ #define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) #define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) #define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st)) #define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) @@ -483,6 +500,7 @@ STACK_OF(type) \ #define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) #define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) #define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) +#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) #define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st)) #define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) @@ -503,6 +521,7 @@ STACK_OF(type) \ #define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) #define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) #define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) +#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) #define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st)) #define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) @@ -523,6 +542,7 @@ STACK_OF(type) \ #define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) #define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) #define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) +#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) #define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) @@ -543,6 +563,7 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) @@ -563,6 +584,7 @@ STACK_OF(type) \ #define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) #define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) #define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) +#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) #define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st)) #define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) @@ -583,6 +605,7 @@ STACK_OF(type) \ #define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) #define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) #define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) +#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) #define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st)) #define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) @@ -603,6 +626,7 @@ STACK_OF(type) \ #define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) #define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) #define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) +#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) #define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st)) #define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) @@ -623,6 +647,7 @@ STACK_OF(type) \ #define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) #define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) #define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) +#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) #define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st)) #define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) @@ -643,6 +668,7 @@ STACK_OF(type) \ #define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) #define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) #define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) +#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) #define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st)) #define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) @@ -663,6 +689,7 @@ STACK_OF(type) \ #define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) #define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) #define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) +#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) #define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st)) #define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) @@ -683,6 +710,7 @@ STACK_OF(type) \ #define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) #define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) #define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) +#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) #define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st)) #define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) @@ -703,6 +731,7 @@ STACK_OF(type) \ #define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) #define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) #define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) +#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) #define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) #define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) @@ -723,6 +752,7 @@ STACK_OF(type) \ #define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) #define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) +#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) #define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) @@ -743,6 +773,7 @@ STACK_OF(type) \ #define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) #define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) #define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) +#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) #define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st)) #define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) @@ -763,6 +794,7 @@ STACK_OF(type) \ #define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) #define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st)) #define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) @@ -783,6 +815,7 @@ STACK_OF(type) \ #define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) #define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) #define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) #define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) #define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) @@ -803,6 +836,7 @@ STACK_OF(type) \ #define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) #define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) #define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) @@ -823,6 +857,7 @@ STACK_OF(type) \ #define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) #define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) #define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) #define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st)) #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) @@ -843,6 +878,7 @@ STACK_OF(type) \ #define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) #define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) #define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) #define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st)) #define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) @@ -863,6 +899,7 @@ STACK_OF(type) \ #define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) #define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) #define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) +#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) #define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st)) #define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) @@ -883,6 +920,7 @@ STACK_OF(type) \ #define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) #define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) #define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) #define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st)) #define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) @@ -903,6 +941,7 @@ STACK_OF(type) \ #define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) #define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) #define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) #define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st)) #define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) @@ -923,6 +962,7 @@ STACK_OF(type) \ #define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) #define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) #define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) +#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) #define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st)) #define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) @@ -943,6 +983,7 @@ STACK_OF(type) \ #define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) #define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) #define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) @@ -963,6 +1004,7 @@ STACK_OF(type) \ #define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) #define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) #define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) #define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st)) #define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) @@ -983,6 +1025,7 @@ STACK_OF(type) \ #define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) +#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) @@ -1003,6 +1046,7 @@ STACK_OF(type) \ #define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) #define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) #define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) +#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) #define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st)) #define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) @@ -1023,6 +1067,7 @@ STACK_OF(type) \ #define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) #define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) #define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) +#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) #define sk_X509_new(st) SKM_sk_new(X509, (st)) #define sk_X509_new_null() SKM_sk_new_null(X509) @@ -1043,6 +1088,7 @@ STACK_OF(type) \ #define sk_X509_shift(st) SKM_sk_shift(X509, (st)) #define sk_X509_pop(st) SKM_sk_pop(X509, (st)) #define sk_X509_sort(st) SKM_sk_sort(X509, (st)) +#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) #define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st)) #define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) @@ -1063,6 +1109,7 @@ STACK_OF(type) \ #define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) #define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) #define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) #define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st)) #define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) @@ -1083,6 +1130,7 @@ STACK_OF(type) \ #define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) #define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) #define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) +#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) #define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st)) #define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) @@ -1103,6 +1151,7 @@ STACK_OF(type) \ #define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) #define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) #define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) #define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st)) #define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) @@ -1123,6 +1172,7 @@ STACK_OF(type) \ #define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) #define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) #define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) +#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) #define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st)) #define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) @@ -1143,6 +1193,7 @@ STACK_OF(type) \ #define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) #define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) #define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) #define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st)) #define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) @@ -1163,6 +1214,7 @@ STACK_OF(type) \ #define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) #define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) #define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) +#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) #define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st)) #define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) @@ -1183,6 +1235,7 @@ STACK_OF(type) \ #define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) #define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) #define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) #define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st)) #define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) @@ -1203,6 +1256,7 @@ STACK_OF(type) \ #define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) #define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) #define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) +#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) #define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st)) #define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) @@ -1223,6 +1277,7 @@ STACK_OF(type) \ #define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) #define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) #define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) #define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st)) #define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) @@ -1243,6 +1298,7 @@ STACK_OF(type) \ #define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) #define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) +#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) #define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) @@ -1263,6 +1319,7 @@ STACK_OF(type) \ #define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) #define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) #define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) +#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) #define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st)) #define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) @@ -1283,6 +1340,7 @@ STACK_OF(type) \ #define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) #define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) #define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) +#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) #define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st)) #define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) @@ -1303,6 +1361,7 @@ STACK_OF(type) \ #define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) #define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) +#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index a6ecbe4c68..ea50175d1d 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -331,3 +331,10 @@ void sk_sort(STACK *st) st->sorted=1; } } + +int sk_is_sorted(const STACK *st) + { + if (st) + return 1; + return st->sorted; + } diff --git a/crypto/stack/stack.h b/crypto/stack/stack.h index 8b436ca4b9..7570b85fe8 100644 --- a/crypto/stack/stack.h +++ b/crypto/stack/stack.h @@ -99,6 +99,7 @@ int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *, (const char * const *, const char * const *); STACK *sk_dup(STACK *st); void sk_sort(STACK *st); +int sk_is_sorted(const STACK *st); #ifdef __cplusplus } diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 8d0c7e2e17..e4d5434cb1 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -410,6 +410,7 @@ typedef struct X509_crl_info_st ASN1_TIME *nextUpdate; STACK_OF(X509_REVOKED) *revoked; STACK_OF(X509_EXTENSION) /* [0] */ *extensions; + ASN1_ENCODING enc; } X509_CRL_INFO; struct X509_crl_st diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 2e4d0b823a..e24e10259d 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -627,6 +627,15 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) X509_EXTENSION *ext; /* Look for serial number of certificate in CRL */ rtmp.serialNumber = X509_get_serialNumber(x); + /* Sort revoked into serial number order if not already sorted. + * Do this under a lock to avoid race condition. + */ + if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) + { + CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); + sk_X509_REVOKED_sort(crl->crl->revoked); + CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); + } idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); /* If found assume revoked: want something cleverer than * this to handle entry extensions in V2 CRLs. diff --git a/util/mkstack.pl b/util/mkstack.pl index 085c50f790..0ca9eb6a76 100755 --- a/util/mkstack.pl +++ b/util/mkstack.pl @@ -84,6 +84,7 @@ while() { #define sk_${type_thing}_shift(st) SKM_sk_shift($type_thing, (st)) #define sk_${type_thing}_pop(st) SKM_sk_pop($type_thing, (st)) #define sk_${type_thing}_sort(st) SKM_sk_sort($type_thing, (st)) +#define sk_${type_thing}_is_sorted(st) SKM_sk_is_sorted($type_thing, (st)) EOF } foreach $type_thing (sort @asn1setlst) {