[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Wed Sep 2 20:29:04 UTC 2015


The branch master has been updated
       via  66e87a9f0990198079bf4d2b3ce87581ad5b6b10 (commit)
       via  e3e571925c40f4d9e0adfc7704e5df2057a13a19 (commit)
      from  cf170f558b6051a66b5e182ac447b7b8ce85c8d2 (commit)


- Log -----------------------------------------------------------------
commit 66e87a9f0990198079bf4d2b3ce87581ad5b6b10
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Mon Aug 31 23:48:44 2015 +0100

    make update
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>

commit e3e571925c40f4d9e0adfc7704e5df2057a13a19
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Mon Aug 31 21:30:13 2015 +0100

    make X509_CRL opaque
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/crl.c                         |  9 ++++++--
 crypto/asn1/Makefile               |  4 ++--
 crypto/asn1/t_crl.c                |  1 +
 crypto/asn1/x_crl.c                |  1 +
 crypto/include/internal/x509_int.h | 33 ++++++++++++++++++++++++++
 crypto/x509/Makefile               | 13 +++++++----
 crypto/x509/by_dir.c               |  1 +
 crypto/x509/x509_ext.c             |  1 +
 crypto/x509/x509_lu.c              |  1 +
 crypto/x509/x509_vfy.c             |  1 +
 crypto/x509/x509cset.c             | 35 ++++++++++++++++++++++++++++
 crypto/x509v3/Makefile             |  3 ++-
 crypto/x509v3/v3_conf.c            |  1 +
 include/openssl/x509.h             | 47 ++++++++------------------------------
 util/libeay.num                    |  6 +++++
 15 files changed, 109 insertions(+), 48 deletions(-)

diff --git a/apps/crl.c b/apps/crl.c
index b4c9c75..c0bf874 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -358,8 +358,13 @@ int crl_main(int argc, char **argv)
         goto end;
     }
 
-    if (badsig)
-        x->signature->data[x->signature->length - 1] ^= 0x1;
+    if (badsig) {
+        ASN1_BIT_STRING *sig;
+        unsigned char *psig;
+        X509_CRL_get0_signature(&sig, NULL, x);
+        psig = ASN1_STRING_data(sig);
+        psig[ASN1_STRING_length(sig) - 1] ^= 0x1;
+    }
 
     if (outformat == FORMAT_ASN1)
         i = (int)i2d_X509_CRL_bio(out, x);
diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index ffee97b..be5e3c5 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -587,7 +587,7 @@ t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../include/internal/cryptlib.h t_crl.c
+t_crl.o: ../include/internal/cryptlib.h ../include/internal/x509_int.h t_crl.c
 t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -771,7 +771,7 @@ x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 x_crl.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h
-x_crl.o: asn1_locl.h x_crl.c
+x_crl.o: ../include/internal/x509_int.h asn1_locl.h x_crl.c
 x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c
index 96c5226..06c61ea 100644
--- a/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
@@ -63,6 +63,7 @@
 #include <openssl/bn.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/x509v3.h>
 
 #ifndef OPENSSL_NO_STDIO
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index d264ec7..73f78c4 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -61,6 +61,7 @@
 #include <openssl/asn1t.h>
 #include "asn1_locl.h"
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/x509v3.h>
 
 static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 70abb2c..846a320 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -105,3 +105,36 @@ struct X509_req_st {
     ASN1_BIT_STRING *signature;
     int references;
 };
+
+struct X509_crl_info_st {
+    ASN1_INTEGER *version;
+    X509_ALGOR *sig_alg;
+    X509_NAME *issuer;
+    ASN1_TIME *lastUpdate;
+    ASN1_TIME *nextUpdate;
+    STACK_OF(X509_REVOKED) *revoked;
+    STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
+    ASN1_ENCODING enc;
+};
+
+struct X509_crl_st {
+    /* actual signature */
+    X509_CRL_INFO *crl;
+    X509_ALGOR *sig_alg;
+    ASN1_BIT_STRING *signature;
+    int references;
+    int flags;
+    /* Copies of various extensions */
+    AUTHORITY_KEYID *akid;
+    ISSUING_DIST_POINT *idp;
+    /* Convenient breakdown of IDP */
+    int idp_flags;
+    int idp_reasons;
+    /* CRL and base CRL numbers for delta processing */
+    ASN1_INTEGER *crl_number;
+    ASN1_INTEGER *base_crl_number;
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+    STACK_OF(GENERAL_NAMES) *issuers;
+    const X509_CRL_METHOD *meth;
+    void *meth_data;
+};
diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile
index 4127646..f2bf8f9 100644
--- a/crypto/x509/Makefile
+++ b/crypto/x509/Makefile
@@ -84,7 +84,7 @@ by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 by_dir.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h
-by_dir.o: by_dir.c
+by_dir.o: ../include/internal/x509_int.h by_dir.c
 by_file.o: ../../e_os.h ../../include/openssl/asn1.h
 by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -180,7 +180,8 @@ x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x509_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x509_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_ext.o: ../include/internal/cryptlib.h x509_ext.c
+x509_ext.o: ../include/internal/cryptlib.h ../include/internal/x509_int.h
+x509_ext.o: x509_ext.c
 x509_lu.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_lu.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@@ -194,7 +195,8 @@ x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_lu.o: ../include/internal/cryptlib.h x509_lcl.h x509_lu.c
+x509_lu.o: ../include/internal/cryptlib.h ../include/internal/x509_int.h
+x509_lu.o: x509_lcl.h x509_lu.c
 x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -309,7 +311,8 @@ x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x509_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_vfy.o: ../include/internal/cryptlib.h x509_lcl.h x509_vfy.c
+x509_vfy.o: ../include/internal/cryptlib.h ../include/internal/x509_int.h
+x509_vfy.o: x509_lcl.h x509_vfy.c
 x509_vpm.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_vpm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@@ -337,7 +340,7 @@ x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x509cset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x509cset.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h
-x509cset.o: x509cset.c
+x509cset.o: ../include/internal/x509_int.h x509cset.c
 x509name.o: ../../e_os.h ../../include/openssl/asn1.h
 x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index cc91db8..bd6c3c8 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -71,6 +71,7 @@
 
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 
 typedef struct lookup_dir_hashes_st {
     unsigned long hash;
diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c
index 6bba5bb..dc4670b 100644
--- a/crypto/x509/x509_ext.c
+++ b/crypto/x509/x509_ext.c
@@ -63,6 +63,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/x509v3.h>
 
 int X509_CRL_get_ext_count(X509_CRL *x)
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 3dae7fa..2bd8de6 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -60,6 +60,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/x509v3.h>
 #include "x509_lcl.h"
 
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 45d53a0..1376e44 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -69,6 +69,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
+#include "internal/x509_int.h"
 #include "x509_lcl.h"
 
 /* CRL score values */
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index c687324..ca3f696 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -63,6 +63,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 
 int X509_CRL_set_version(X509_CRL *x, long version)
 {
@@ -137,6 +138,40 @@ void X509_CRL_up_ref(X509_CRL *crl)
     CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
 }
 
+long X509_CRL_get_version(X509_CRL *crl)
+{
+    return ASN1_INTEGER_get(crl->crl->version);
+}
+
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
+{
+    return crl->crl->lastUpdate;
+}
+
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
+{
+    return crl->crl->nextUpdate;
+}
+
+X509_NAME *X509_CRL_get_issuer(X509_CRL *crl)
+{
+    return crl->crl->issuer;
+}
+
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
+{
+    return crl->crl->revoked;
+}
+
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+                             const X509_CRL *crl)
+{
+    if (psig)
+        *psig = crl->signature;
+    if (palg)
+        *palg = crl->sig_alg;
+}
+
 int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
 {
     ASN1_TIME *in;
diff --git a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile
index 57d7e1a..516e7ad 100644
--- a/crypto/x509v3/Makefile
+++ b/crypto/x509v3/Makefile
@@ -270,7 +270,8 @@ v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_conf.o: ../include/internal/cryptlib.h v3_conf.c
+v3_conf.o: ../include/internal/cryptlib.h ../include/internal/x509_int.h
+v3_conf.o: v3_conf.c
 v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index 38f198e..f1f8bb4 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -63,6 +63,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/x509v3.h>
 
 static int v3_check_critical(char **value);
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index d1ecb29..708a695 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -340,38 +340,7 @@ struct x509_revoked_st {
 
 DECLARE_STACK_OF(X509_REVOKED)
 
-typedef struct X509_crl_info_st {
-    ASN1_INTEGER *version;
-    X509_ALGOR *sig_alg;
-    X509_NAME *issuer;
-    ASN1_TIME *lastUpdate;
-    ASN1_TIME *nextUpdate;
-    STACK_OF(X509_REVOKED) *revoked;
-    STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
-    ASN1_ENCODING enc;
-} X509_CRL_INFO;
-
-struct X509_crl_st {
-    /* actual signature */
-    X509_CRL_INFO *crl;
-    X509_ALGOR *sig_alg;
-    ASN1_BIT_STRING *signature;
-    int references;
-    int flags;
-    /* Copies of various extensions */
-    AUTHORITY_KEYID *akid;
-    ISSUING_DIST_POINT *idp;
-    /* Convenient breakdown of IDP */
-    int idp_flags;
-    int idp_reasons;
-    /* CRL and base CRL numbers for delta processing */
-    ASN1_INTEGER *crl_number;
-    ASN1_INTEGER *base_crl_number;
-    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-    STACK_OF(GENERAL_NAMES) *issuers;
-    const X509_CRL_METHOD *meth;
-    void *meth_data;
-} /* X509_CRL */ ;
+typedef struct X509_crl_info_st X509_CRL_INFO;
 
 DECLARE_STACK_OF(X509_CRL)
 
@@ -494,12 +463,6 @@ extern "C" {
 # define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
 # define         X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
 
-# define         X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
-# define         X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-# define         X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-# define         X509_CRL_get_issuer(x) ((x)->crl->issuer)
-# define         X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
-
 void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
 X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
                                      int (*crl_free) (X509_CRL *crl),
@@ -834,6 +797,14 @@ int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
 int X509_CRL_sort(X509_CRL *crl);
 void X509_CRL_up_ref(X509_CRL *crl);
 
+long X509_CRL_get_version(X509_CRL *crl);
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
+X509_NAME *X509_CRL_get_issuer(X509_CRL *crl);
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+                             const X509_CRL *crl);
+
 int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
 int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
 
diff --git a/util/libeay.num b/util/libeay.num
index 080066a..0cf3cb7 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4595,3 +4595,9 @@ X509_CRL_up_ref                         4953	EXIST::FUNCTION:
 X509_get_extension_flags                4954	EXIST::FUNCTION:
 X509_get_extended_key_usage             4955	EXIST::FUNCTION:
 X509_get_key_usage                      4956	EXIST::FUNCTION:
+X509_CRL_get_issuer                     4957	EXIST::FUNCTION:
+X509_CRL_get_nextUpdate                 4958	EXIST::FUNCTION:
+X509_CRL_get0_signature                 4959	EXIST::FUNCTION:
+X509_CRL_get_REVOKED                    4960	EXIST::FUNCTION:
+X509_CRL_get_version                    4961	EXIST::FUNCTION:
+X509_CRL_get_lastUpdate                 4962	EXIST::FUNCTION:


More information about the openssl-commits mailing list