resolve conflicts

author: djm <> 2005-04-29 05:39:33 +0000
committer: djm <> 2005-04-29 05:39:33 +0000
commit: 68edd00d9258df93b1366c71ac124e0cadf7bc08 (patch)
tree: 3ce4ae2a9747bbc11aed1f95f9bbea92c41f8683 /src/lib/libcrypto/asn1/x_crl.c
parent: f396ed0f5ce0af56bfde2e75e15cf1f52924c779 (diff)
download: openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.tar.gz
openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.tar.bz2
openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.zip
1 files changed, 9 insertions, 31 deletions
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index 11fce96825..b99f8fc522 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -63,8 +63,6 @@
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
                                const X509_REVOKED * const *b);
-static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
-                                const X509_REVOKED * const *b);
 ASN1_SEQUENCE(X509_REVOKED) = {
        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
@@ -72,43 +70,28 @@ ASN1_SEQUENCE(X509_REVOKED) = {
        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
 } ASN1_SEQUENCE_END(X509_REVOKED)
-/* The X509_CRL_INFO structure needs a bit of customisation. This is actually
+/* The X509_CRL_INFO structure needs a bit of customisation.
- * mirroring the old behaviour: its purpose is to allow the use of
+ * Since we cache the original encoding the signature wont be affected by
- * sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately
+ * reordering of the revoked field.
- * this will zap the original order and the signature so we keep a copy
- * of the original positions and reorder appropriately before encoding.
- *
- * Might want to see if there's a better way of doing this later...
 */
 static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
        X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
-        int i;
-        int (*old_cmp)(const X509_REVOKED * const *,
-                        const X509_REVOKED * const *);
        if(!a || !a->revoked) return 1;
        switch(operation) {
+                /* Just set cmp function here. We don't sort because that
-                /* Save original order */
+                 * would affect the output of X509_CRL_print().
+                 */
                case ASN1_OP_D2I_POST:
-                for (i=0; i<sk_X509_REVOKED_num(a->revoked); i++)
-                        sk_X509_REVOKED_value(a->revoked,i)->sequence=i;
                sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
                break;
-                /* Restore original order */
-                case ASN1_OP_I2D_PRE:
-                old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
-                sk_X509_REVOKED_sort(a->revoked);
-                sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
-                break;
        }
        return 1;
 }
-ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = {
+ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
        ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
        ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
        ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
@@ -116,7 +99,7 @@ ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = {
        ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
        ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO)
+} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
 ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
        ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
@@ -137,12 +120,6 @@ static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
                (ASN1_STRING *)(*b)->serialNumber));
        }
-static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
-                                const X509_REVOKED * const *b)
-        {
-        return((*a)->sequence-(*b)->sequence);
-        }
 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 {
        X509_CRL_INFO *inf;
@@ -153,6 +130,7 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
                ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
                return 0;
        }
+        inf->enc.modified = 1;
        return 1;
 }
author	djm <>	2005-04-29 05:39:33 +0000
committer	djm <>	2005-04-29 05:39:33 +0000
commit	68edd00d9258df93b1366c71ac124e0cadf7bc08 (patch)
tree	3ce4ae2a9747bbc11aed1f95f9bbea92c41f8683 /src/lib/libcrypto/asn1/x_crl.c
parent	f396ed0f5ce0af56bfde2e75e15cf1f52924c779 (diff)
download	openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.tar.gz openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.tar.bz2 openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.zip

diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c index 11fce96825..b99f8fc522 100644 --- a/src/lib/libcrypto/asn1/x_crl.c +++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -63,8 +63,6 @@
63		63
64	static int X509_REVOKED_cmp(const X509_REVOKED * const *a,	64	static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
65	const X509_REVOKED * const *b);	65	const X509_REVOKED * const *b);
66	static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
67	const X509_REVOKED * const *b);
68		66
69	ASN1_SEQUENCE(X509_REVOKED) = {	67	ASN1_SEQUENCE(X509_REVOKED) = {
70	ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),	68	ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
@@ -72,43 +70,28 @@ ASN1_SEQUENCE(X509_REVOKED) = {
72	ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)	70	ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
73	} ASN1_SEQUENCE_END(X509_REVOKED)	71	} ASN1_SEQUENCE_END(X509_REVOKED)
74		72
75	/* The X509_CRL_INFO structure needs a bit of customisation. This is actually	73	/* The X509_CRL_INFO structure needs a bit of customisation.
76	* mirroring the old behaviour: its purpose is to allow the use of	74	* Since we cache the original encoding the signature wont be affected by
77	* sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately	75	* reordering of the revoked field.
78	* this will zap the original order and the signature so we keep a copy
79	* of the original positions and reorder appropriately before encoding.
80	*
81	* Might want to see if there's a better way of doing this later...
82	*/	76	*/
83	static int crl_inf_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it)	77	static int crl_inf_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it)
84	{	78	{
85	X509_CRL_INFO a = (X509_CRL_INFO )*pval;	79	X509_CRL_INFO a = (X509_CRL_INFO )*pval;
86	int i;
87	int (old_cmp)(const X509_REVOKED const *,
88	const X509_REVOKED * const *);
89		80
90	if(!a \|\| !a->revoked) return 1;	81	if(!a \|\| !a->revoked) return 1;
91	switch(operation) {	82	switch(operation) {
92		83	/* Just set cmp function here. We don't sort because that
93	/* Save original order */	84	* would affect the output of X509_CRL_print().
		85	*/
94	case ASN1_OP_D2I_POST:	86	case ASN1_OP_D2I_POST:
95	for (i=0; i<sk_X509_REVOKED_num(a->revoked); i++)
96	sk_X509_REVOKED_value(a->revoked,i)->sequence=i;
97	sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);	87	sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
98	break;	88	break;
99
100	/* Restore original order */
101	case ASN1_OP_I2D_PRE:
102	old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
103	sk_X509_REVOKED_sort(a->revoked);
104	sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
105	break;
106	}	89	}
107	return 1;	90	return 1;
108	}	91	}
109		92
110		93
111	ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = {	94	ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
112	ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),	95	ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
113	ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),	96	ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
114	ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),	97	ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
@@ -116,7 +99,7 @@ ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = {
116	ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),	99	ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
117	ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),	100	ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
118	ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)	101	ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
119	} ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO)	102	} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
120		103
121	ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {	104	ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
122	ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),	105	ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
@@ -137,12 +120,6 @@ static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
137	(ASN1_STRING )(b)->serialNumber));	120	(ASN1_STRING )(b)->serialNumber));
138	}	121	}
139		122
140	static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
141	const X509_REVOKED * const *b)
142	{
143	return((a)->sequence-(b)->sequence);
144	}
145
146	int X509_CRL_add0_revoked(X509_CRL crl, X509_REVOKED rev)	123	int X509_CRL_add0_revoked(X509_CRL crl, X509_REVOKED rev)
147	{	124	{
148	X509_CRL_INFO *inf;	125	X509_CRL_INFO *inf;
@@ -153,6 +130,7 @@ int X509_CRL_add0_revoked(X509_CRL crl, X509_REVOKED rev)
153	ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);	130	ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
154	return 0;	131	return 0;
155	}	132	}
		133	inf->enc.modified = 1;
156	return 1;	134	return 1;
157	}	135	}
158		136