X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fasn1%2Fx_crl.c;h=b99f8fc522c1e2a6b25f72a61b3ffb0cf3a67ecb;hp=1f302d0e01eb39b5ee32fd264d3986d4d2db9400;hb=7bdeeb64ac00caacfa476ac73bec52bea0aade34;hpb=26a3a48d65c7464b400ec1de439994d7f0d25fed diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 1f302d0e01..b99f8fc522 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -58,275 +58,59 @@ #include #include "cryptlib.h" -#include +#include #include static int X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b); -static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, - const X509_REVOKED * const *b); -int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp) - { - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER); - M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME); - M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, - i2d_X509_EXTENSION); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER); - M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME); - M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, - i2d_X509_EXTENSION); - - M_ASN1_I2D_finish(); - } - -X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **a, unsigned char **pp, - long length) - { - M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER); - M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_TIME); - M_ASN1_D2I_get_seq_opt_type(X509_EXTENSION,ret->extensions, - d2i_X509_EXTENSION,X509_EXTENSION_free); - M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED); - } - -int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp) - { - int v1=0; - long l=0; - int (*old_cmp)(const X509_REVOKED * const *, - const X509_REVOKED * const *); - M_ASN1_I2D_vars(a); - - old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp); - sk_X509_REVOKED_sort(a->revoked); - sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp); - - if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0)) - { - M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER); - } - M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR); - M_ASN1_I2D_len(a->issuer,i2d_X509_NAME); - M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME); - if (a->nextUpdate != NULL) - { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); } - M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked, - i2d_X509_REVOKED); - M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, - i2d_X509_EXTENSION,0, - V_ASN1_SEQUENCE,v1); - - M_ASN1_I2D_seq_total(); - - if ((a->version != NULL) && (l != 0)) - { - M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER); - } - M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR); - M_ASN1_I2D_put(a->issuer,i2d_X509_NAME); - M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_TIME); - if (a->nextUpdate != NULL) - { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); } - M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked, - i2d_X509_REVOKED); - M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, - i2d_X509_EXTENSION,0, - V_ASN1_SEQUENCE,v1); - - M_ASN1_I2D_finish(); - } - -X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, unsigned char **pp, - long length) - { - int i,ver=0; - M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new); - - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_opt(ret->version,d2i_ASN1_INTEGER,V_ASN1_INTEGER); - if (ret->version != NULL) - ver=ret->version->data[0]; - - if ((ver == 0) && (ret->version != NULL)) - { - M_ASN1_INTEGER_free(ret->version); - ret->version=NULL; - } - M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); - M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME); - M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_TIME); - /* Manually handle the OPTIONAL ASN1_TIME stuff */ - /* First try UTCTime */ - M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME, V_ASN1_UTCTIME); - /* If that doesn't work try GeneralizedTime */ - if(!ret->nextUpdate) - M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_GENERALIZEDTIME, - V_ASN1_GENERALIZEDTIME); - if (ret->revoked != NULL) - { - while (sk_X509_REVOKED_num(ret->revoked)) - X509_REVOKED_free(sk_X509_REVOKED_pop(ret->revoked)); - } - M_ASN1_D2I_get_seq_opt_type(X509_REVOKED,ret->revoked,d2i_X509_REVOKED, - X509_REVOKED_free); - - if (ret->revoked != NULL) - { - for (i=0; irevoked); i++) - { - sk_X509_REVOKED_value(ret->revoked,i)->sequence=i; - } - } - - if (ret->extensions != NULL) - { - while (sk_X509_EXTENSION_num(ret->extensions)) - X509_EXTENSION_free( - sk_X509_EXTENSION_pop(ret->extensions)); - } - - M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions, - d2i_X509_EXTENSION, - X509_EXTENSION_free,0, - V_ASN1_SEQUENCE); - - M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO); - } - -int i2d_X509_CRL(X509_CRL *a, unsigned char **pp) - { - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len(a->crl,i2d_X509_CRL_INFO); - M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR); - M_ASN1_I2D_len(a->signature,i2d_ASN1_BIT_STRING); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->crl,i2d_X509_CRL_INFO); - M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR); - M_ASN1_I2D_put(a->signature,i2d_ASN1_BIT_STRING); - M_ASN1_I2D_finish(); - } - -X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length) - { - M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->crl,d2i_X509_CRL_INFO); - M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); - M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING); - - M_ASN1_D2I_Finish(a,X509_CRL_free,ASN1_F_D2I_X509_CRL); - } - - -X509_REVOKED *X509_REVOKED_new(void) - { - X509_REVOKED *ret=NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret,X509_REVOKED); - M_ASN1_New(ret->serialNumber,M_ASN1_INTEGER_new); - M_ASN1_New(ret->revocationDate,M_ASN1_UTCTIME_new); - ret->extensions=NULL; - return(ret); - M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW); - } - -X509_CRL_INFO *X509_CRL_INFO_new(void) - { - X509_CRL_INFO *ret=NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret,X509_CRL_INFO); - ret->version=NULL; - M_ASN1_New(ret->sig_alg,X509_ALGOR_new); - M_ASN1_New(ret->issuer,X509_NAME_new); - M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new); - ret->nextUpdate=NULL; - M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null); - M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null); - sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp); - return(ret); - M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW); - } +ASN1_SEQUENCE(X509_REVOKED) = { + ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), + ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), + ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) +} ASN1_SEQUENCE_END(X509_REVOKED) -X509_CRL *X509_CRL_new(void) - { - X509_CRL *ret=NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret,X509_CRL); - ret->references=1; - M_ASN1_New(ret->crl,X509_CRL_INFO_new); - M_ASN1_New(ret->sig_alg,X509_ALGOR_new); - M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new); - return(ret); - M_ASN1_New_Error(ASN1_F_X509_CRL_NEW); - } - -void X509_REVOKED_free(X509_REVOKED *a) - { - if (a == NULL) return; - M_ASN1_INTEGER_free(a->serialNumber); - M_ASN1_UTCTIME_free(a->revocationDate); - sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free); - OPENSSL_free(a); - } - -void X509_CRL_INFO_free(X509_CRL_INFO *a) - { - if (a == NULL) return; - M_ASN1_INTEGER_free(a->version); - X509_ALGOR_free(a->sig_alg); - X509_NAME_free(a->issuer); - M_ASN1_UTCTIME_free(a->lastUpdate); - if (a->nextUpdate) - M_ASN1_UTCTIME_free(a->nextUpdate); - sk_X509_REVOKED_pop_free(a->revoked,X509_REVOKED_free); - sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free); - OPENSSL_free(a); - } - -void X509_CRL_free(X509_CRL *a) - { - int i; - - if (a == NULL) return; - - i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL); -#ifdef REF_PRINT - REF_PRINT("X509_CRL",a); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"X509_CRL_free, bad reference count\n"); - abort(); - } -#endif - - X509_CRL_INFO_free(a->crl); - X509_ALGOR_free(a->sig_alg); - M_ASN1_BIT_STRING_free(a->signature); - OPENSSL_free(a); +/* The X509_CRL_INFO structure needs a bit of customisation. + * Since we cache the original encoding the signature wont be affected by + * reordering of the revoked field. + */ +static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; + + if(!a || !a->revoked) return 1; + switch(operation) { + /* Just set cmp function here. We don't sort because that + * would affect the output of X509_CRL_print(). + */ + case ASN1_OP_D2I_POST: + sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); + break; } + return 1; +} + + +ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { + ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), + ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), + ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), + ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), + ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), + ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), + ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) +} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) + +ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { + ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), + ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), + ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) + +IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) +IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) +IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) +IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) static int X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b) @@ -336,11 +120,19 @@ static int X509_REVOKED_cmp(const X509_REVOKED * const *a, (ASN1_STRING *)(*b)->serialNumber)); } -static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, - const X509_REVOKED * const *b) - { - return((*a)->sequence-(*b)->sequence); +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) +{ + X509_CRL_INFO *inf; + inf = crl->crl; + if(!inf->revoked) + inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); + if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { + ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); + return 0; } + inf->enc.modified = 1; + return 1; +} IMPLEMENT_STACK_OF(X509_REVOKED) IMPLEMENT_ASN1_SET_OF(X509_REVOKED)