1 files changed, 144 insertions, 20 deletions
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index 536aa74e00..338a784189 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_crl.c,v 1.22 2015/02/10 08:33:10 jsing Exp $ */
+/* $OpenBSD: x_crl.c,v 1.23 2015/02/11 03:39:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -71,11 +71,39 @@ static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
    const X509_REVOKED * const *b);
 static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
-ASN1_SEQUENCE(X509_REVOKED) = {
+static const ASN1_TEMPLATE X509_REVOKED_seq_tt[] = {
-        ASN1_SIMPLE(X509_REVOKED, serialNumber, ASN1_INTEGER),
+        {
-        ASN1_SIMPLE(X509_REVOKED, revocationDate, ASN1_TIME),
+                .flags = 0,
-        ASN1_SEQUENCE_OF_OPT(X509_REVOKED, extensions, X509_EXTENSION)
+                .tag = 0,
-} ASN1_SEQUENCE_END(X509_REVOKED)
+                .offset = offsetof(X509_REVOKED, serialNumber),
+                .field_name = "serialNumber",
+                .item = &ASN1_INTEGER_it,
+        },
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(X509_REVOKED, revocationDate),
+                .field_name = "revocationDate",
+                .item = &ASN1_TIME_it,
+        },
+        {
+                .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
+                .tag = 0,
+                .offset = offsetof(X509_REVOKED, extensions),
+                .field_name = "extensions",
+                .item = &X509_EXTENSION_it,
+        },
+};
+const ASN1_ITEM X509_REVOKED_it = {
+        .itype = ASN1_ITYPE_SEQUENCE,
+        .utype = V_ASN1_SEQUENCE,
+        .templates = X509_REVOKED_seq_tt,
+        .tcount = sizeof(X509_REVOKED_seq_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = NULL,
+        .size = sizeof(X509_REVOKED),
+        .sname = "X509_REVOKED",
+};
 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
 static int def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret,
@@ -111,15 +139,75 @@ crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 }
-ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
+static const ASN1_AUX X509_CRL_INFO_aux = {
-        ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+        .app_data = NULL,
-        ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+        .flags = ASN1_AFLG_ENCODING,
-        ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+        .ref_offset = 0,
-        ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+        .ref_lock = 0,
-        ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+        .asn1_cb = crl_inf_cb,
-        ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+        .enc_offset = offsetof(X509_CRL_INFO, enc),
-        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+};
-} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
+static const ASN1_TEMPLATE X509_CRL_INFO_seq_tt[] = {
+        {
+                .flags = ASN1_TFLG_OPTIONAL,
+                .tag = 0,
+                .offset = offsetof(X509_CRL_INFO, version),
+                .field_name = "version",
+                .item = &ASN1_INTEGER_it,
+        },
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(X509_CRL_INFO, sig_alg),
+                .field_name = "sig_alg",
+                .item = &X509_ALGOR_it,
+        },
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(X509_CRL_INFO, issuer),
+                .field_name = "issuer",
+                .item = &X509_NAME_it,
+        },
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(X509_CRL_INFO, lastUpdate),
+                .field_name = "lastUpdate",
+                .item = &ASN1_TIME_it,
+        },
+        {
+                .flags = ASN1_TFLG_OPTIONAL,
+                .tag = 0,
+                .offset = offsetof(X509_CRL_INFO, nextUpdate),
+                .field_name = "nextUpdate",
+                .item = &ASN1_TIME_it,
+        },
+        {
+                .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
+                .tag = 0,
+                .offset = offsetof(X509_CRL_INFO, revoked),
+                .field_name = "revoked",
+                .item = &X509_REVOKED_it,
+        },
+        {
+                .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
+                .tag = 0,
+                .offset = offsetof(X509_CRL_INFO, extensions),
+                .field_name = "extensions",
+                .item = &X509_EXTENSION_it,
+        },
+};
+const ASN1_ITEM X509_CRL_INFO_it = {
+        .itype = ASN1_ITYPE_SEQUENCE,
+        .utype = V_ASN1_SEQUENCE,
+        .templates = X509_CRL_INFO_seq_tt,
+        .tcount = sizeof(X509_CRL_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = &X509_CRL_INFO_aux,
+        .size = sizeof(X509_CRL_INFO),
+        .sname = "X509_CRL_INFO",
+};
 /* Set CRL entry issuer according to CRL certificate issuer extension.
 * Check for unhandled critical CRL entry extensions.
@@ -331,11 +419,47 @@ setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
        DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
 }
-ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
+static const ASN1_AUX X509_CRL_aux = {
-        ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
+        .app_data = NULL,
-        ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
+        .flags = ASN1_AFLG_REFCOUNT,
-        ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
+        .ref_offset = offsetof(X509_CRL, references),
-} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+        .ref_lock = CRYPTO_LOCK_X509_CRL,
+        .asn1_cb = crl_cb,
+        .enc_offset = 0,
+};
+static const ASN1_TEMPLATE X509_CRL_seq_tt[] = {
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(X509_CRL, crl),
+                .field_name = "crl",
+                .item = &X509_CRL_INFO_it,
+        },
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(X509_CRL, sig_alg),
+                .field_name = "sig_alg",
+                .item = &X509_ALGOR_it,
+        },
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(X509_CRL, signature),
+                .field_name = "signature",
+                .item = &ASN1_BIT_STRING_it,
+        },
+};
+const ASN1_ITEM X509_CRL_it = {
+        .itype = ASN1_ITYPE_SEQUENCE,
+        .utype = V_ASN1_SEQUENCE,
+        .templates = X509_CRL_seq_tt,
+        .tcount = sizeof(X509_CRL_seq_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = &X509_CRL_aux,
+        .size = sizeof(X509_CRL),
+        .sname = "X509_CRL",
+};
 X509_REVOKED *

diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c index 536aa74e00..338a784189 100644 --- a/src/lib/libcrypto/asn1/x_crl.c +++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x_crl.c,v 1.22 2015/02/10 08:33:10 jsing Exp $ */	1	/* $OpenBSD: x_crl.c,v 1.23 2015/02/11 03:39:51 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -71,11 +71,39 @@ static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
71	const X509_REVOKED * const *b);	71	const X509_REVOKED * const *b);
72	static void setup_idp(X509_CRL crl, ISSUING_DIST_POINT idp);	72	static void setup_idp(X509_CRL crl, ISSUING_DIST_POINT idp);
73		73
74	ASN1_SEQUENCE(X509_REVOKED) = {	74	static const ASN1_TEMPLATE X509_REVOKED_seq_tt[] = {
75	ASN1_SIMPLE(X509_REVOKED, serialNumber, ASN1_INTEGER),	75	{
76	ASN1_SIMPLE(X509_REVOKED, revocationDate, ASN1_TIME),	76	.flags = 0,
77	ASN1_SEQUENCE_OF_OPT(X509_REVOKED, extensions, X509_EXTENSION)	77	.tag = 0,
78	} ASN1_SEQUENCE_END(X509_REVOKED)	78	.offset = offsetof(X509_REVOKED, serialNumber),
		79	.field_name = "serialNumber",
		80	.item = &ASN1_INTEGER_it,
		81	},
		82	{
		83	.flags = 0,
		84	.tag = 0,
		85	.offset = offsetof(X509_REVOKED, revocationDate),
		86	.field_name = "revocationDate",
		87	.item = &ASN1_TIME_it,
		88	},
		89	{
		90	.flags = ASN1_TFLG_SEQUENCE_OF \| ASN1_TFLG_OPTIONAL,
		91	.tag = 0,
		92	.offset = offsetof(X509_REVOKED, extensions),
		93	.field_name = "extensions",
		94	.item = &X509_EXTENSION_it,
		95	},
		96	};
		97
		98	const ASN1_ITEM X509_REVOKED_it = {
		99	.itype = ASN1_ITYPE_SEQUENCE,
		100	.utype = V_ASN1_SEQUENCE,
		101	.templates = X509_REVOKED_seq_tt,
		102	.tcount = sizeof(X509_REVOKED_seq_tt) / sizeof(ASN1_TEMPLATE),
		103	.funcs = NULL,
		104	.size = sizeof(X509_REVOKED),
		105	.sname = "X509_REVOKED",
		106	};
79		107
80	static int def_crl_verify(X509_CRL crl, EVP_PKEY r);	108	static int def_crl_verify(X509_CRL crl, EVP_PKEY r);
81	static int def_crl_lookup(X509_CRL crl, X509_REVOKED *ret,	109	static int def_crl_lookup(X509_CRL crl, X509_REVOKED *ret,
@@ -111,15 +139,75 @@ crl_inf_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it, void *exarg)
111	}	139	}
112		140
113		141
114	ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {	142	static const ASN1_AUX X509_CRL_INFO_aux = {
115	ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),	143	.app_data = NULL,
116	ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),	144	.flags = ASN1_AFLG_ENCODING,
117	ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),	145	.ref_offset = 0,
118	ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),	146	.ref_lock = 0,
119	ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),	147	.asn1_cb = crl_inf_cb,
120	ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),	148	.enc_offset = offsetof(X509_CRL_INFO, enc),
121	ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)	149	};
122	} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)	150	static const ASN1_TEMPLATE X509_CRL_INFO_seq_tt[] = {
		151	{
		152	.flags = ASN1_TFLG_OPTIONAL,
		153	.tag = 0,
		154	.offset = offsetof(X509_CRL_INFO, version),
		155	.field_name = "version",
		156	.item = &ASN1_INTEGER_it,
		157	},
		158	{
		159	.flags = 0,
		160	.tag = 0,
		161	.offset = offsetof(X509_CRL_INFO, sig_alg),
		162	.field_name = "sig_alg",
		163	.item = &X509_ALGOR_it,
		164	},
		165	{
		166	.flags = 0,
		167	.tag = 0,
		168	.offset = offsetof(X509_CRL_INFO, issuer),
		169	.field_name = "issuer",
		170	.item = &X509_NAME_it,
		171	},
		172	{
		173	.flags = 0,
		174	.tag = 0,
		175	.offset = offsetof(X509_CRL_INFO, lastUpdate),
		176	.field_name = "lastUpdate",
		177	.item = &ASN1_TIME_it,
		178	},
		179	{
		180	.flags = ASN1_TFLG_OPTIONAL,
		181	.tag = 0,
		182	.offset = offsetof(X509_CRL_INFO, nextUpdate),
		183	.field_name = "nextUpdate",
		184	.item = &ASN1_TIME_it,
		185	},
		186	{
		187	.flags = ASN1_TFLG_SEQUENCE_OF \| ASN1_TFLG_OPTIONAL,
		188	.tag = 0,
		189	.offset = offsetof(X509_CRL_INFO, revoked),
		190	.field_name = "revoked",
		191	.item = &X509_REVOKED_it,
		192	},
		193	{
		194	.flags = ASN1_TFLG_EXPLICIT \| ASN1_TFLG_SEQUENCE_OF \| ASN1_TFLG_OPTIONAL,
		195	.tag = 0,
		196	.offset = offsetof(X509_CRL_INFO, extensions),
		197	.field_name = "extensions",
		198	.item = &X509_EXTENSION_it,
		199	},
		200	};
		201
		202	const ASN1_ITEM X509_CRL_INFO_it = {
		203	.itype = ASN1_ITYPE_SEQUENCE,
		204	.utype = V_ASN1_SEQUENCE,
		205	.templates = X509_CRL_INFO_seq_tt,
		206	.tcount = sizeof(X509_CRL_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
		207	.funcs = &X509_CRL_INFO_aux,
		208	.size = sizeof(X509_CRL_INFO),
		209	.sname = "X509_CRL_INFO",
		210	};
123		211
124	/* Set CRL entry issuer according to CRL certificate issuer extension.	212	/* Set CRL entry issuer according to CRL certificate issuer extension.
125	* Check for unhandled critical CRL entry extensions.	213	* Check for unhandled critical CRL entry extensions.
@@ -331,11 +419,47 @@ setup_idp(X509_CRL crl, ISSUING_DIST_POINT idp)
331	DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));	419	DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
332	}	420	}
333		421
334	ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {	422	static const ASN1_AUX X509_CRL_aux = {
335	ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),	423	.app_data = NULL,
336	ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),	424	.flags = ASN1_AFLG_REFCOUNT,
337	ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)	425	.ref_offset = offsetof(X509_CRL, references),
338	} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)	426	.ref_lock = CRYPTO_LOCK_X509_CRL,
		427	.asn1_cb = crl_cb,
		428	.enc_offset = 0,
		429	};
		430	static const ASN1_TEMPLATE X509_CRL_seq_tt[] = {
		431	{
		432	.flags = 0,
		433	.tag = 0,
		434	.offset = offsetof(X509_CRL, crl),
		435	.field_name = "crl",
		436	.item = &X509_CRL_INFO_it,
		437	},
		438	{
		439	.flags = 0,
		440	.tag = 0,
		441	.offset = offsetof(X509_CRL, sig_alg),
		442	.field_name = "sig_alg",
		443	.item = &X509_ALGOR_it,
		444	},
		445	{
		446	.flags = 0,
		447	.tag = 0,
		448	.offset = offsetof(X509_CRL, signature),
		449	.field_name = "signature",
		450	.item = &ASN1_BIT_STRING_it,
		451	},
		452	};
		453
		454	const ASN1_ITEM X509_CRL_it = {
		455	.itype = ASN1_ITYPE_SEQUENCE,
		456	.utype = V_ASN1_SEQUENCE,
		457	.templates = X509_CRL_seq_tt,
		458	.tcount = sizeof(X509_CRL_seq_tt) / sizeof(ASN1_TEMPLATE),
		459	.funcs = &X509_CRL_aux,
		460	.size = sizeof(X509_CRL),
		461	.sname = "X509_CRL",
		462	};
339		463
340		464
341	X509_REVOKED *	465	X509_REVOKED *