diff options
| author | tb <> | 2025-10-10 11:31:13 +0000 |
|---|---|---|
| committer | tb <> | 2025-10-10 11:31:13 +0000 |
| commit | e6eb3281afe75c88fe14724ae36ddb51a2369a78 (patch) | |
| tree | 13a7544f2b68ffbe44df2dc75cbb384a3cc9ac50 /src | |
| parent | 1e4b66632494f1193c5f5366fc060704063c72fc (diff) | |
| download | openbsd-e6eb3281afe75c88fe14724ae36ddb51a2369a78.tar.gz openbsd-e6eb3281afe75c88fe14724ae36ddb51a2369a78.tar.bz2 openbsd-e6eb3281afe75c88fe14724ae36ddb51a2369a78.zip | |
Remove unused sequence member from x509_revoked_st
To allow binary search for looking up if a cert was revoked in a CRL,
the list of revoked serial numbers is sorted in crl_lookup(). On the
other hand, to be able to output the DER that was actually signed by
the issuer, the original order needs to be remembered.
Before the encoding was cached, there was a mechanism that would restore
the original order on serialization using the .sequence member. This was
done without a lock and was thus racy (hilarity would ensue if one thread
performed a CRL lookup while another thread serialized the same CRL). When
the racy mechanism was removed in 2004, the only reader of .sequence,
X509_REVOKED_seq_cmp(), was also removed, and this piece of dead code was
left behind. Garbage collect it.
ok kenjiro
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_local.h | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509cset.c | 10 |
2 files changed, 2 insertions, 11 deletions
diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h index 796a2ee718..5b9c1e51f7 100644 --- a/src/lib/libcrypto/x509/x509_local.h +++ b/src/lib/libcrypto/x509/x509_local.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_local.h,v 1.38 2025/03/06 07:20:01 tb Exp $ */ | 1 | /* $OpenBSD: x509_local.h,v 1.39 2025/10/10 11:31:13 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2013. | 3 | * project 2013. |
| 4 | */ | 4 | */ |
| @@ -213,7 +213,6 @@ struct x509_revoked_st { | |||
| 213 | STACK_OF(GENERAL_NAME) *issuer; | 213 | STACK_OF(GENERAL_NAME) *issuer; |
| 214 | /* Revocation reason */ | 214 | /* Revocation reason */ |
| 215 | int reason; | 215 | int reason; |
| 216 | int sequence; /* load sequence */ | ||
| 217 | }; | 216 | }; |
| 218 | 217 | ||
| 219 | struct X509_crl_info_st { | 218 | struct X509_crl_info_st { |
diff --git a/src/lib/libcrypto/x509/x509cset.c b/src/lib/libcrypto/x509/x509cset.c index 468831266f..facca27880 100644 --- a/src/lib/libcrypto/x509/x509cset.c +++ b/src/lib/libcrypto/x509/x509cset.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509cset.c,v 1.22 2024/03/26 23:41:45 tb Exp $ */ | 1 | /* $OpenBSD: x509cset.c,v 1.23 2025/10/10 11:31:13 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2001. | 3 | * project 2001. |
| 4 | */ | 4 | */ |
| @@ -156,15 +156,7 @@ LCRYPTO_ALIAS(X509_CRL_set1_nextUpdate); | |||
| 156 | int | 156 | int |
| 157 | X509_CRL_sort(X509_CRL *c) | 157 | X509_CRL_sort(X509_CRL *c) |
| 158 | { | 158 | { |
| 159 | X509_REVOKED *r; | ||
| 160 | int i; | ||
| 161 | |||
| 162 | /* Sort the data so it will be written in serial number order */ | ||
| 163 | sk_X509_REVOKED_sort(c->crl->revoked); | 159 | sk_X509_REVOKED_sort(c->crl->revoked); |
| 164 | for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) { | ||
| 165 | r = sk_X509_REVOKED_value(c->crl->revoked, i); | ||
| 166 | r->sequence = i; | ||
| 167 | } | ||
| 168 | c->crl->enc.modified = 1; | 160 | c->crl->enc.modified = 1; |
| 169 | return 1; | 161 | return 1; |
| 170 | } | 162 | } |