From e6eb3281afe75c88fe14724ae36ddb51a2369a78 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 10 Oct 2025 11:31:13 +0000
Subject: Remove unused sequence member from x509_revoked_st
To allow binary search for looking up if a cert was revoked in a CRL, the list of revoked serial numbers is sorted in crl_lookup(). On the other hand, to be able to output the DER that was actually signed by the issuer, the original order needs to be remembered. Before the encoding was cached, there was a mechanism that would restore the original order on serialization using the .sequence member. This was done without a lock and was thus racy (hilarity would ensue if one thread performed a CRL lookup while another thread serialized the same CRL). When the racy mechanism was removed in 2004, the only reader of .sequence, X509_REVOKED_seq_cmp(), was also removed, and this piece of dead code was left behind. Garbage collect it. ok kenjiro
---
 src/lib/libcrypto/x509/x509_local.h | 3 +--
 src/lib/libcrypto/x509/x509cset.c | 10 +---------
 2 files changed, 2 insertions(+), 11 deletions(-)
 (limited to 'src')
diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h
index 796a2ee718..5b9c1e51f7 100644
--- a/src/lib/libcrypto/x509/x509_local.h
+++ b/src/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_local.h,v 1.38 2025/03/06 07:20:01 tb Exp $ */
+/* $OpenBSD: x509_local.h,v 1.39 2025/10/10 11:31:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2013.
 */
@@ -213,7 +213,6 @@ struct x509_revoked_st {
 STACK_OF(GENERAL_NAME) *issuer;
 /* Revocation reason */
 int reason;
- int sequence; /* load sequence */
 };

 struct X509_crl_info_st {
diff --git a/src/lib/libcrypto/x509/x509cset.c b/src/lib/libcrypto/x509/x509cset.c
index 468831266f..facca27880 100644
--- a/src/lib/libcrypto/x509/x509cset.c
+++ b/src/lib/libcrypto/x509/x509cset.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509cset.c,v 1.22 2024/03/26 23:41:45 tb Exp $ */
+/* $OpenBSD: x509cset.c,v 1.23 2025/10/10 11:31:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -156,15 +156,7 @@ LCRYPTO_ALIAS(X509_CRL_set1_nextUpdate);
 int
 X509_CRL_sort(X509_CRL *c)
 {
- X509_REVOKED *r;
- int i;
-
- /* Sort the data so it will be written in serial number order */
 sk_X509_REVOKED_sort(c->crl->revoked);
- for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) {
- r = sk_X509_REVOKED_value(c->crl->revoked, i);
- r->sequence = i;
- }
 c->crl->enc.modified = 1;
 return 1;
 }
--
cgit v1.2.3-55-g6feb