[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Wed Sep 16 22:42:34 UTC 2015
The branch master has been updated
via 7aef39a72a2d3a7a2b0e222137a45e1b1406668d (commit)
via 2869e79f421bb8d350500cddfd87fdf5d40cd4ba (commit)
via de17bd5d7f8286d8b1f0a04a3f8f5782033f5ebd (commit)
from 05e97f1d4f940c765e5c93771fe20820acca4438 (commit)
- Log -----------------------------------------------------------------
commit 7aef39a72a2d3a7a2b0e222137a45e1b1406668d
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Sep 16 00:24:43 2015 +0100
X509_CRL_INFO embed
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 2869e79f421bb8d350500cddfd87fdf5d40cd4ba
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Sep 15 17:10:51 2015 +0100
Change X509_VAL in X509 structure to embedded.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit de17bd5d7f8286d8b1f0a04a3f8f5782033f5ebd
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Sep 15 15:54:19 2015 +0100
New ASN.1 embed macro.
New ASN.1 macro ASN1_EMBED. This is the same as ASN1_SIMPLE except the
structure is not allocated: it is part of the parent. That is instead of
FOO *x;
it must be:
FOO x;
This reduces memory fragmentation and make it impossible to accidentally
set a mandatory field to NULL.
This currently only works for SEQUENCE and since it is equivalent to
ASN1_SIMPLE it cannot be tagged, OPTIONAL, SET OF or SEQUENCE OF.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/asn1_err.c | 2 +-
crypto/asn1/t_crl.c | 2 +-
crypto/asn1/tasn_dec.c | 10 ++++++++++
crypto/asn1/tasn_enc.c | 10 ++++++++++
crypto/asn1/tasn_fre.c | 27 ++++++++++++++++++++-----
crypto/asn1/tasn_new.c | 29 +++++++++++++++++++++------
crypto/asn1/x_crl.c | 18 ++++++++---------
crypto/asn1/x_x509.c | 2 +-
crypto/include/internal/x509_int.h | 2 +-
crypto/x509/by_dir.c | 10 +++-------
crypto/x509/x509_cmp.c | 4 ++--
crypto/x509/x509_ext.c | 18 ++++++++---------
crypto/x509/x509_lu.c | 4 +---
crypto/x509/x509_r2x.c | 4 ++--
crypto/x509/x509_set.c | 20 +++++++++----------
crypto/x509/x509cset.c | 40 +++++++++++++++++++-------------------
crypto/x509/x_all.c | 12 ++++++------
crypto/x509v3/v3_conf.c | 2 +-
include/openssl/asn1.h | 2 +-
include/openssl/asn1t.h | 5 +++++
include/openssl/x509.h | 2 +-
21 files changed, 139 insertions(+), 86 deletions(-)
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index 5dfd21b..0d1cf0c 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -104,7 +104,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
- {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_NEW), "ASN1_ITEM_EX_NEW"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_NEW), "ASN1_ITEM_EMBED_NEW"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c
index 06c61ea..51841c0 100644
--- a/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
@@ -108,7 +108,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
BIO_printf(out, "NONE");
BIO_printf(out, "\n");
- X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8);
+ X509V3_extensions_print(out, "CRL extensions", x->crl.extensions, 0, 8);
rev = X509_CRL_get_REVOKED(x);
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 732b425..939ee20 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -524,6 +524,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
{
int flags, aclass;
int ret;
+ ASN1_VALUE *tval;
const unsigned char *p, *q;
if (!val)
return 0;
@@ -533,6 +534,15 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
p = *in;
q = p;
+ /*
+ * If field is embedded then val needs fixing so it is a pointer to
+ * a pointer to a field.
+ */
+ if (tt->flags & ASN1_TFLG_EMBED) {
+ tval = (ASN1_VALUE *)val;
+ val = &tval;
+ }
+
if (flags & ASN1_TFLG_SK_MASK) {
/* SET OF, SEQUENCE OF */
int sktag, skaclass;
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 35860e4..e2feee0 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -244,7 +244,17 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
const ASN1_TEMPLATE *tt, int tag, int iclass)
{
int i, ret, flags, ttag, tclass, ndef;
+ ASN1_VALUE *tval;
flags = tt->flags;
+
+ /*
+ * If field is embedded then val needs fixing so it is a pointer to
+ * a pointer to a field.
+ */
+ if (flags & ASN1_TFLG_EMBED) {
+ tval = (ASN1_VALUE *)pval;
+ pval = &tval;
+ }
/*
* Work out tag and class to use: tagging may come either from the
* template or the arguments, not both because this would create
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index e846561..e219e2c 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -63,15 +63,24 @@
#include <openssl/objects.h>
#include "asn1_locl.h"
+static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int embed);
+
/* Free up an ASN1 structure */
void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
{
- ASN1_item_ex_free(&val, it);
+ asn1_item_embed_free(&val, it, 0);
}
void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
+ asn1_item_embed_free(pval, it, 0);
+}
+
+static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int embed)
+{
const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef;
const ASN1_AUX *aux = it->funcs;
@@ -152,14 +161,22 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
}
if (asn1_cb)
asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
- OPENSSL_free(*pval);
- *pval = NULL;
+ if (embed == 0) {
+ OPENSSL_free(*pval);
+ *pval = NULL;
+ }
break;
}
}
void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
{
+ int embed = tt->flags & ASN1_TFLG_EMBED;
+ ASN1_VALUE *tval;
+ if (embed) {
+ tval = (ASN1_VALUE *)pval;
+ pval = &tval;
+ }
if (tt->flags & ASN1_TFLG_SK_MASK) {
STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
int i;
@@ -167,12 +184,12 @@ void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i);
- ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
+ asn1_item_embed_free(&vtmp, ASN1_ITEM_ptr(tt->item), embed);
}
sk_ASN1_VALUE_free(sk);
*pval = NULL;
} else {
- ASN1_item_ex_free(pval, ASN1_ITEM_ptr(tt->item));
+ asn1_item_embed_free(pval, ASN1_ITEM_ptr(tt->item), embed);
}
}
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index e7ceda3..294912c 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -65,6 +65,8 @@
#include <string.h>
#include "asn1_locl.h"
+static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int embed);
static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
@@ -83,6 +85,11 @@ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
+ return asn1_item_embed_new(pval, it, 0);
+}
+
+int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+{
const ASN1_TEMPLATE *tt = NULL;
const ASN1_EXTERN_FUNCS *ef;
const ASN1_AUX *aux = it->funcs;
@@ -157,9 +164,13 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
return 1;
}
}
- *pval = OPENSSL_zalloc(it->size);
- if (!*pval)
- goto memerr;
+ if (embed) {
+ memset(*pval, 0, it->size);
+ } else {
+ *pval = OPENSSL_zalloc(it->size);
+ if (!*pval)
+ goto memerr;
+ }
asn1_do_lock(pval, 0, it);
asn1_enc_init(pval, it);
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
@@ -178,7 +189,7 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
return 1;
memerr:
- ASN1err(ASN1_F_ASN1_ITEM_EX_NEW, ERR_R_MALLOC_FAILURE);
+ ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE);
#ifdef CRYPTO_MDEBUG
if (it->sname)
CRYPTO_pop_info();
@@ -186,7 +197,7 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
return 0;
auxerr:
- ASN1err(ASN1_F_ASN1_ITEM_EX_NEW, ASN1_R_AUX_ERROR);
+ ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR);
ASN1_item_ex_free(pval, it);
#ifdef CRYPTO_MDEBUG
if (it->sname)
@@ -232,7 +243,13 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
{
const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+ int embed = tt->flags & ASN1_TFLG_EMBED;
+ ASN1_VALUE *tval;
int ret;
+ if (embed) {
+ tval = (ASN1_VALUE *)pval;
+ pval = &tval;
+ }
if (tt->flags & ASN1_TFLG_OPTIONAL) {
asn1_template_clear(pval, tt);
return 1;
@@ -261,7 +278,7 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
goto done;
}
/* Otherwise pass it back to the item routine */
- ret = ASN1_item_ex_new(pval, it);
+ ret = asn1_item_embed_new(pval, it, embed);
done:
#ifdef CRYPTO_MDEBUG
if (it->sname)
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 73f78c4..14ba327 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -249,7 +249,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
* directly: applications shouldn't do this.
*/
- exts = crl->crl->extensions;
+ exts = crl->crl.extensions;
for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
int nid;
@@ -331,7 +331,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
}
ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
- ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
+ ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO),
ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
@@ -356,7 +356,7 @@ static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
{
X509_CRL_INFO *inf;
- inf = crl->crl;
+ inf = &crl->crl;
if (!inf->revoked)
inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
@@ -394,7 +394,7 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
{
return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
- crl->sig_alg, crl->signature, crl->crl, r));
+ crl->sig_alg, crl->signature, &crl->crl, r));
}
static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
@@ -435,17 +435,17 @@ static int def_crl_lookup(X509_CRL *crl,
* Sort revoked into serial number order if not already sorted. Do this
* under a lock to avoid race condition.
*/
- if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) {
+ if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) {
CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
- sk_X509_REVOKED_sort(crl->crl->revoked);
+ sk_X509_REVOKED_sort(crl->crl.revoked);
CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
}
- idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+ idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp);
if (idx < 0)
return 0;
/* Need to look for matching name */
- for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
- rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
+ for (; idx < sk_X509_REVOKED_num(crl->crl.revoked); idx++) {
+ rev = sk_X509_REVOKED_value(crl->crl.revoked, idx);
if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
return 0;
if (crl_revoked_issuer_match(crl, issuer, rev)) {
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index d8d55b2..c276874 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -68,7 +68,7 @@ ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
- ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
+ ASN1_EMBED(X509_CINF, validity, X509_VAL),
ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index f8677a0..7c31289 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -119,7 +119,7 @@ struct X509_crl_info_st {
struct X509_crl_st {
/* actual signature */
- X509_CRL_INFO *crl;
+ X509_CRL_INFO crl;
X509_ALGOR *sig_alg;
ASN1_BIT_STRING *signature;
int references;
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index f55e235..5f423e0 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -257,10 +257,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
X509 st_x509;
X509_CINF st_x509_cinf;
} x509;
- struct {
- X509_CRL st_crl;
- X509_CRL_INFO st_crl_info;
- } crl;
+ X509_CRL crl;
} data;
int ok = 0;
int i, j, k;
@@ -279,9 +276,8 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
stmp.data.x509 = &data.x509.st_x509;
postfix = "";
} else if (type == X509_LU_CRL) {
- data.crl.st_crl.crl = &data.crl.st_crl_info;
- data.crl.st_crl_info.issuer = name;
- stmp.data.crl = &data.crl.st_crl;
+ data.crl.crl.issuer = name;
+ stmp.data.crl = &data.crl;
postfix = "r";
} else {
X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE);
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 47791c7..1afc7f8 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -120,7 +120,7 @@ int X509_subject_name_cmp(const X509 *a, const X509 *b)
int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
{
- return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer));
+ return (X509_NAME_cmp(a->crl.issuer, b->crl.issuer));
}
int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
@@ -458,7 +458,7 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
int sign_nid;
if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
return X509_V_OK;
- sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm);
+ sign_nid = OBJ_obj2nid(crl->crl.sig_alg->algorithm);
return check_suite_b(pk, sign_nid, &flags);
}
diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c
index dc4670b..4437d84 100644
--- a/crypto/x509/x509_ext.c
+++ b/crypto/x509/x509_ext.c
@@ -68,48 +68,48 @@
int X509_CRL_get_ext_count(X509_CRL *x)
{
- return (X509v3_get_ext_count(x->crl->extensions));
+ return (X509v3_get_ext_count(x->crl.extensions));
}
int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
{
- return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos));
+ return (X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos));
}
int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
{
- return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos));
+ return (X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos));
}
int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
{
- return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos));
+ return (X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos));
}
X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
{
- return (X509v3_get_ext(x->crl->extensions, loc));
+ return (X509v3_get_ext(x->crl.extensions, loc));
}
X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
{
- return (X509v3_delete_ext(x->crl->extensions, loc));
+ return (X509v3_delete_ext(x->crl.extensions, loc));
}
void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
{
- return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
+ return X509V3_get_d2i(x->crl.extensions, nid, crit, idx);
}
int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
unsigned long flags)
{
- return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
+ return X509V3_add1_i2d(&x->crl.extensions, nid, value, crit, flags);
}
int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
{
- return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL);
+ return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL);
}
int X509_get_ext_count(X509 *x)
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index c53f1e5..1c08eb0 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -422,7 +422,6 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
X509 x509_s;
X509_CINF cinf_s;
X509_CRL crl_s;
- X509_CRL_INFO crl_info_s;
int idx;
stmp.type = type;
@@ -434,8 +433,7 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
break;
case X509_LU_CRL:
stmp.data.crl = &crl_s;
- crl_s.crl = &crl_info_s;
- crl_info_s.issuer = name;
+ crl_s.crl.issuer = name;
break;
default:
/* abort(); */
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index abf75cd..5d576e9 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -95,9 +95,9 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)
goto err;
- if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
+ if (X509_gmtime_adj(xi->validity.notBefore, 0) == NULL)
goto err;
- if (X509_gmtime_adj(xi->validity->notAfter, (long)60 * 60 * 24 * days) ==
+ if (X509_gmtime_adj(xi->validity.notAfter, (long)60 * 60 * 24 * days) ==
NULL)
goto err;
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index cfff563..0b0d4f5 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -114,14 +114,14 @@ int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
{
ASN1_TIME *in;
- if ((x == NULL) || (x->cert_info->validity == NULL))
+ if (x == NULL)
return (0);
- in = x->cert_info->validity->notBefore;
+ in = x->cert_info->validity.notBefore;
if (in != tm) {
in = ASN1_STRING_dup(tm);
if (in != NULL) {
- ASN1_TIME_free(x->cert_info->validity->notBefore);
- x->cert_info->validity->notBefore = in;
+ ASN1_TIME_free(x->cert_info->validity.notBefore);
+ x->cert_info->validity.notBefore = in;
}
}
return (in != NULL);
@@ -131,14 +131,14 @@ int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
{
ASN1_TIME *in;
- if ((x == NULL) || (x->cert_info->validity == NULL))
+ if (x == NULL)
return (0);
- in = x->cert_info->validity->notAfter;
+ in = x->cert_info->validity.notAfter;
if (in != tm) {
in = ASN1_STRING_dup(tm);
if (in != NULL) {
- ASN1_TIME_free(x->cert_info->validity->notAfter);
- x->cert_info->validity->notAfter = in;
+ ASN1_TIME_free(x->cert_info->validity.notAfter);
+ x->cert_info->validity.notAfter = in;
}
}
return (in != NULL);
@@ -163,12 +163,12 @@ long X509_get_version(X509 *x)
ASN1_TIME * X509_get_notBefore(X509 *x)
{
- return x->cert_info->validity->notBefore;
+ return x->cert_info->validity.notBefore;
}
ASN1_TIME *X509_get_notAfter(X509 *x)
{
- return x->cert_info->validity->notAfter;
+ return x->cert_info->validity.notAfter;
}
int X509_get_signature_type(const X509 *x)
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index ca3f696..e89dbc7 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -69,18 +69,18 @@ int X509_CRL_set_version(X509_CRL *x, long version)
{
if (x == NULL)
return (0);
- if (x->crl->version == NULL) {
- if ((x->crl->version = ASN1_INTEGER_new()) == NULL)
+ if (x->crl.version == NULL) {
+ if ((x->crl.version = ASN1_INTEGER_new()) == NULL)
return (0);
}
- return (ASN1_INTEGER_set(x->crl->version, version));
+ return (ASN1_INTEGER_set(x->crl.version, version));
}
int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
{
- if ((x == NULL) || (x->crl == NULL))
+ if (x == NULL)
return (0);
- return (X509_NAME_set(&x->crl->issuer, name));
+ return (X509_NAME_set(&x->crl.issuer, name));
}
int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
@@ -89,12 +89,12 @@ int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
if (x == NULL)
return (0);
- in = x->crl->lastUpdate;
+ in = x->crl.lastUpdate;
if (in != tm) {
in = ASN1_STRING_dup(tm);
if (in != NULL) {
- ASN1_TIME_free(x->crl->lastUpdate);
- x->crl->lastUpdate = in;
+ ASN1_TIME_free(x->crl.lastUpdate);
+ x->crl.lastUpdate = in;
}
}
return (in != NULL);
@@ -106,12 +106,12 @@ int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
if (x == NULL)
return (0);
- in = x->crl->nextUpdate;
+ in = x->crl.nextUpdate;
if (in != tm) {
in = ASN1_STRING_dup(tm);
if (in != NULL) {
- ASN1_TIME_free(x->crl->nextUpdate);
- x->crl->nextUpdate = in;
+ ASN1_TIME_free(x->crl.nextUpdate);
+ x->crl.nextUpdate = in;
}
}
return (in != NULL);
@@ -124,12 +124,12 @@ int X509_CRL_sort(X509_CRL *c)
/*
* sort the data so it will be written in serial number order
*/
- sk_X509_REVOKED_sort(c->crl->revoked);
- for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) {
- r = sk_X509_REVOKED_value(c->crl->revoked, i);
+ sk_X509_REVOKED_sort(c->crl.revoked);
+ for (i = 0; i < sk_X509_REVOKED_num(c->crl.revoked); i++) {
+ r = sk_X509_REVOKED_value(c->crl.revoked, i);
r->sequence = i;
}
- c->crl->enc.modified = 1;
+ c->crl.enc.modified = 1;
return 1;
}
@@ -140,27 +140,27 @@ void X509_CRL_up_ref(X509_CRL *crl)
long X509_CRL_get_version(X509_CRL *crl)
{
- return ASN1_INTEGER_get(crl->crl->version);
+ return ASN1_INTEGER_get(crl->crl.version);
}
ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
{
- return crl->crl->lastUpdate;
+ return crl->crl.lastUpdate;
}
ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
{
- return crl->crl->nextUpdate;
+ return crl->crl.nextUpdate;
}
X509_NAME *X509_CRL_get_issuer(X509_CRL *crl)
{
- return crl->crl->issuer;
+ return crl->crl.issuer;
}
STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
{
- return crl->crl->revoked;
+ return crl->crl.revoked;
}
void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 591a951..ab258be 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -128,17 +128,17 @@ int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
{
- x->crl->enc.modified = 1;
- return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg,
- x->sig_alg, x->signature, x->crl, pkey, md));
+ x->crl.enc.modified = 1;
+ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl.sig_alg,
+ x->sig_alg, x->signature, &x->crl, pkey, md));
}
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
{
- x->crl->enc.modified = 1;
+ x->crl.enc.modified = 1;
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
- x->crl->sig_alg, x->sig_alg, x->signature,
- x->crl, ctx);
+ x->crl.sig_alg, x->sig_alg, x->signature,
+ &x->crl, ctx);
}
int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index f1f8bb4..3d5963c 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -387,7 +387,7 @@ int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
{
STACK_OF(X509_EXTENSION) **sk = NULL;
if (crl)
- sk = &crl->crl->extensions;
+ sk = &crl->crl.extensions;
return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
}
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index 5b3b7d3..3a67d61 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -943,7 +943,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_ASN1_ITEM_D2I_FP 206
# define ASN1_F_ASN1_ITEM_DUP 191
# define ASN1_F_ASN1_ITEM_EX_D2I 120
-# define ASN1_F_ASN1_ITEM_EX_NEW 121
+# define ASN1_F_ASN1_ITEM_EMBED_NEW 121
# define ASN1_F_ASN1_ITEM_I2D_BIO 192
# define ASN1_F_ASN1_ITEM_I2D_FP 193
# define ASN1_F_ASN1_ITEM_PACK 198
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
index 4a4e1ef..68f6264 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -390,6 +390,8 @@ extern "C" {
# endif
/* Plain simple type */
# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+/* Embedded simple type */
+# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type)
/* OPTIONAL simple type */
# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
@@ -616,6 +618,9 @@ struct ASN1_ADB_TABLE_st {
# define ASN1_TFLG_NDEF (0x1<<11)
+/* Field is embedded and not a pointer */
+# define ASN1_TFLG_EMBED (0x1 << 12)
+
/* This is the actual ASN1 item itself */
struct ASN1_ITEM_st {
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 751150d..d0933b0 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -169,7 +169,7 @@ typedef struct x509_cinf_st {
ASN1_INTEGER *serialNumber;
X509_ALGOR *signature;
X509_NAME *issuer;
- X509_VAL *validity;
+ X509_VAL validity;
X509_NAME *subject;
X509_PUBKEY *key;
ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
More information about the openssl-commits
mailing list