From 7aef39a72a2d3a7a2b0e222137a45e1b1406668d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 16 Sep 2015 00:24:43 +0100 Subject: [PATCH] X509_CRL_INFO embed Reviewed-by: Rich Salz --- crypto/asn1/t_crl.c | 2 +- crypto/asn1/x_crl.c | 18 +++++++------- crypto/include/internal/x509_int.h | 2 +- crypto/x509/by_dir.c | 10 +++----- crypto/x509/x509_cmp.c | 4 +-- crypto/x509/x509_ext.c | 18 +++++++------- crypto/x509/x509_lu.c | 4 +-- crypto/x509/x509cset.c | 40 +++++++++++++++--------------- crypto/x509/x_all.c | 12 ++++----- crypto/x509v3/v3_conf.c | 2 +- 10 files changed, 53 insertions(+), 59 deletions(-) diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c index 06c61eae4e..51841c05c9 100644 --- a/crypto/asn1/t_crl.c +++ b/crypto/asn1/t_crl.c @@ -108,7 +108,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) BIO_printf(out, "NONE"); BIO_printf(out, "\n"); - X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8); + X509V3_extensions_print(out, "CRL extensions", x->crl.extensions, 0, 8); rev = X509_CRL_get_REVOKED(x); diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 73f78c4175..14ba3273b5 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -249,7 +249,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, * directly: applications shouldn't do this. */ - exts = crl->crl->extensions; + exts = crl->crl.extensions; for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { int nid; @@ -331,7 +331,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) } ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = { - ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), + ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO), ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) 
@@ -356,7 +356,7 @@ static int X509_REVOKED_cmp(const X509_REVOKED *const *a, int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) { X509_CRL_INFO *inf; - inf = crl->crl; + inf = &crl->crl; if (!inf->revoked) inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { @@ -394,7 +394,7 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r) { return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), - crl->sig_alg, crl->signature, crl->crl, r)); + crl->sig_alg, crl->signature, &crl->crl, r)); } static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, @@ -435,17 +435,17 @@ static int def_crl_lookup(X509_CRL *crl, * Sort revoked into serial number order if not already sorted. Do this * under a lock to avoid race condition. */ - if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) { + if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) { CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); - sk_X509_REVOKED_sort(crl->crl->revoked); + sk_X509_REVOKED_sort(crl->crl.revoked); CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); } - idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); + idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp); if (idx < 0) return 0; /* Need to look for matching name */ - for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) { - rev = sk_X509_REVOKED_value(crl->crl->revoked, idx); + for (; idx < sk_X509_REVOKED_num(crl->crl.revoked); idx++) { + rev = sk_X509_REVOKED_value(crl->crl.revoked, idx); if (ASN1_INTEGER_cmp(rev->serialNumber, serial)) return 0; if (crl_revoked_issuer_match(crl, issuer, rev)) { diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h index f8677a0299..7c31289f9e 100644 --- a/crypto/include/internal/x509_int.h +++ b/crypto/include/internal/x509_int.h 
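Review bot: In def_crl_lookup the `sk_X509_REVOKED_is_sorted(crl->crl.revoked)` test runs before `CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL)` is taken, and the `sk_X509_REVOKED_find` and `sk_X509_REVOKED_value` calls that follow run with no lock held, so the "under a lock" comment covers only the sort itself. Two threads that both see the list unsorted will sort it one after the other, and the second sort can overlap the first thread's find; for a revocation lookup that could mean a missed entry. This predates the embed change, but as the lines are being touched anyway I would repeat the test once the lock is held: `if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) sk_X509_REVOKED_sort(crl->crl.revoked);` inside the locked region. The function body starts and ends outside the hunk, so any locking done elsewhere in it is not visible here.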
@@ -119,7 +119,7 @@ struct X509_crl_info_st { struct X509_crl_st { /* actual signature */ - X509_CRL_INFO *crl; + X509_CRL_INFO crl; X509_ALGOR *sig_alg; ASN1_BIT_STRING *signature; int references; diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index f55e235ef7..5f423e0c4a 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -257,10 +257,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, X509 st_x509; X509_CINF st_x509_cinf; } x509; - struct { - X509_CRL st_crl; - X509_CRL_INFO st_crl_info; - } crl; + X509_CRL crl; } data; int ok = 0; int i, j, k; @@ -279,9 +276,8 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, stmp.data.x509 = &data.x509.st_x509; postfix = ""; } else if (type == X509_LU_CRL) { - data.crl.st_crl.crl = &data.crl.st_crl_info; - data.crl.st_crl_info.issuer = name; - stmp.data.crl = &data.crl.st_crl; + data.crl.crl.issuer = name; + stmp.data.crl = &data.crl; postfix = "r"; } else { X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE); diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 47791c73d3..1afc7f8dfa 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -120,7 +120,7 @@ int X509_subject_name_cmp(const X509 *a, const X509 *b) int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) { - return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer)); + return (X509_NAME_cmp(a->crl.issuer, b->crl.issuer)); } int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) @@ -458,7 +458,7 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) int sign_nid; if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) return X509_V_OK; - sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm); + sign_nid = OBJ_obj2nid(crl->crl.sig_alg->algorithm); return check_suite_b(pk, sign_nid, &flags); } diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c index dc4670b89d..4437d8425f 100644 --- a/crypto/x509/x509_ext.c +++ b/crypto/x509/x509_ext.c 
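Review bot: The member comment `/* actual signature */` in struct X509_crl_st says nothing useful about `X509_CRL_INFO crl;`, and the ownership change made on this line is left undocumented. I would replace it with `/* signed CRL body, embedded: its storage belongs to the X509_CRL and must not be freed or reassigned on its own */`. Code outside this patch that tests `crl->crl` against NULL or takes ownership of the pointer would need the same adjustment X509_CRL_set_issuer_name receives in crypto/x509/x509cset.c. The struct definition continues outside the hunk.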
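Review bot: In get_cert_by_subject the stack template `data.crl` has only `crl.issuer` assigned in the lines shown, so with X509_CRL_INFO now embedded every other field of the larger object is indeterminate unless `data` is cleared outside the hunk. That is harmless as long as the comparison used for the lookup reads only the issuer, as X509_CRL_cmp in this patch does, but any comparator or callback that looks at another member would read stack garbage. Zeroing the template first, `memset(&data.crl, 0, sizeof(data.crl));`, makes that failure mode deterministic. The same applies to `crl_s` in x509_object_idx_cnt in crypto/x509/x509_lu.c. Both function bodies extend beyond their hunks.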
@@ -68,48 +68,48 @@ int X509_CRL_get_ext_count(X509_CRL *x) { - return (X509v3_get_ext_count(x->crl->extensions)); + return (X509v3_get_ext_count(x->crl.extensions)); } int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) { - return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos)); + return (X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos)); } int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) { - return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos)); + return (X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos)); } int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) { - return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos)); + return (X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos)); } X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) { - return (X509v3_get_ext(x->crl->extensions, loc)); + return (X509v3_get_ext(x->crl.extensions, loc)); } X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) { - return (X509v3_delete_ext(x->crl->extensions, loc)); + return (X509v3_delete_ext(x->crl.extensions, loc)); } void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) { - return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); + return X509V3_get_d2i(x->crl.extensions, nid, crit, idx); } int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, unsigned long flags) { - return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); + return X509V3_add1_i2d(&x->crl.extensions, nid, value, crit, flags); } int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) { - return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL); + return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL); } int X509_get_ext_count(X509 *x) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index c53f1e5117..1c08eb044d 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c 
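Review bot: X509_CRL_delete_ext, X509_CRL_add1_ext_i2d and X509_CRL_add_ext change `x->crl.extensions` without setting `x->crl.enc.modified`, whereas X509_CRL_sort and X509_CRL_sign in this same patch set it to 1 before the body is re-encoded. If the encoder reuses a cached encoding while that flag is clear (not visible in this hunk), a CRL that was parsed, edited and written out without re-signing would still carry the old extension list. A comment on the three mutators such as `/* does not invalidate the cached encoding; re-sign with X509_CRL_sign() before encoding */` would make the contract explicit.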
@@ -422,7 +422,6 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509 x509_s; X509_CINF cinf_s; X509_CRL crl_s; - X509_CRL_INFO crl_info_s; int idx; stmp.type = type; @@ -434,8 +433,7 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, break; case X509_LU_CRL: stmp.data.crl = &crl_s; - crl_s.crl = &crl_info_s; - crl_info_s.issuer = name; + crl_s.crl.issuer = name; break; default: /* abort(); */ diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index ca3f6968af..e89dbc7397 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -69,18 +69,18 @@ int X509_CRL_set_version(X509_CRL *x, long version) { if (x == NULL) return (0); - if (x->crl->version == NULL) { - if ((x->crl->version = ASN1_INTEGER_new()) == NULL) + if (x->crl.version == NULL) { + if ((x->crl.version = ASN1_INTEGER_new()) == NULL) return (0); } - return (ASN1_INTEGER_set(x->crl->version, version)); + return (ASN1_INTEGER_set(x->crl.version, version)); } int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) { - if ((x == NULL) || (x->crl == NULL)) + if (x == NULL) return (0); - return (X509_NAME_set(&x->crl->issuer, name)); + return (X509_NAME_set(&x->crl.issuer, name)); } int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) @@ -89,12 +89,12 @@ int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) if (x == NULL) return (0); - in = x->crl->lastUpdate; + in = x->crl.lastUpdate; if (in != tm) { in = ASN1_STRING_dup(tm); if (in != NULL) { - ASN1_TIME_free(x->crl->lastUpdate); - x->crl->lastUpdate = in; + ASN1_TIME_free(x->crl.lastUpdate); + x->crl.lastUpdate = in; } } return (in != NULL); 
@@ -106,12 +106,12 @@ int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) if (x == NULL) return (0); - in = x->crl->nextUpdate; + in = x->crl.nextUpdate; if (in != tm) { in = ASN1_STRING_dup(tm); if (in != NULL) { - ASN1_TIME_free(x->crl->nextUpdate); - x->crl->nextUpdate = in; + ASN1_TIME_free(x->crl.nextUpdate); + x->crl.nextUpdate = in; } } return (in != NULL); @@ -124,12 +124,12 @@ int X509_CRL_sort(X509_CRL *c) /* * sort the data so it will be written in serial number order */ - sk_X509_REVOKED_sort(c->crl->revoked); - for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) { - r = sk_X509_REVOKED_value(c->crl->revoked, i); + sk_X509_REVOKED_sort(c->crl.revoked); + for (i = 0; i < sk_X509_REVOKED_num(c->crl.revoked); i++) { + r = sk_X509_REVOKED_value(c->crl.revoked, i); r->sequence = i; } - c->crl->enc.modified = 1; + c->crl.enc.modified = 1; return 1; } @@ -140,27 +140,27 @@ void X509_CRL_up_ref(X509_CRL *crl) long X509_CRL_get_version(X509_CRL *crl) { - return ASN1_INTEGER_get(crl->crl->version); + return ASN1_INTEGER_get(crl->crl.version); } ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl) { - return crl->crl->lastUpdate; + return crl->crl.lastUpdate; } ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl) { - return crl->crl->nextUpdate; + return crl->crl.nextUpdate; } X509_NAME *X509_CRL_get_issuer(X509_CRL *crl) { - return crl->crl->issuer; + return crl->crl.issuer; } STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl) { - return crl->crl->revoked; + return crl->crl.revoked; } void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 591a95188d..ab258bea54 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c 
@@ -128,17 +128,17 @@ int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) { - x->crl->enc.modified = 1; - return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg, - x->sig_alg, x->signature, x->crl, pkey, md)); + x->crl.enc.modified = 1; + return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl.sig_alg, + x->sig_alg, x->signature, &x->crl, pkey, md)); } int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) { - x->crl->enc.modified = 1; + x->crl.enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), - x->crl->sig_alg, x->sig_alg, x->signature, - x->crl, ctx); + x->crl.sig_alg, x->sig_alg, x->signature, + &x->crl, ctx); } int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl) diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index f1f8bb42d0..3d5963cc40 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -387,7 +387,7 @@ int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, { STACK_OF(X509_EXTENSION) **sk = NULL; if (crl) - sk = &crl->crl->extensions; + sk = &crl->crl.extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); } -- 2.25.1