OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
24-Jul-2006 14:39:23
Branch: HEAD Handle:
2006072413392002
Modified files:
openssl CHANGES
openssl/crypto ossl_typ.h
openssl/crypto/asn1 x_crl.c x_x509.c
openssl/crypto/x509 x509.h x509_cmp.c
openssl/crypto/x509v3 v3_purp.c x509v3.h
Log:
Cache some CRL related extensions.
Summary:
Revision Changes Path
1.1343 +6 -0 openssl/CHANGES
1.25 +37 -1 openssl/crypto/asn1/x_crl.c
1.26 +2 -0 openssl/crypto/asn1/x_x509.c
1.14 +4 -0 openssl/crypto/ossl_typ.h
1.144 +9 -1 openssl/crypto/x509/x509.h
1.32 +7 -0 openssl/crypto/x509/x509_cmp.c
1.36 +1 -0 openssl/crypto/x509v3/v3_purp.c
1.107 +6 -6 openssl/crypto/x509v3/x509v3.h
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/CHANGES
============================================================
================
$ cvs diff -u -r1.1342 -r1.1343 CHANGES
--- openssl/CHANGES 18 Jul 2006 12:36:17 -0000 1.1342
+++ openssl/CHANGES 24 Jul 2006 12:39:20 -0000 1.1343
 -4,6 +4,12 
Changes between 0.9.8b and 0.9.9 [xx XXX xxxx]
+ *) New function X509_CRL_match() to check if two CRLs
are identical. Normally
+ this would be called X509_CRL_cmp() but that name is
already used by
+ a function that just compares CRL issuer names.
Cache several CRL
+ extensions in X509_CRL structure and cache CRLDP in
X509.
+ [Steve Henson]
+
*) Store a "canonical" representation of
X509_NAME structure (ASN1 Name)
this maps equivalent X509_NAME structures into a
consistent structure.
Name comparison can then be performed rapidly using
memcmp().
 .
patch -p0 <<' .'
Index: openssl/crypto/asn1/x_crl.c
============================================================
================
$ cvs diff -u -r1.24 -r1.25 x_crl.c
--- openssl/crypto/asn1/x_crl.c 2 Oct 2005 12:41:11
-0000 1.24
+++ openssl/crypto/asn1/x_crl.c 24 Jul 2006 12:39:21
-0000 1.25
 -60,6 +60,7 
#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
+#include <openssl/x509v3.h>
static int X509_REVOKED_cmp(const X509_REVOKED * const
*a,
const X509_REVOKED * const *b);
 -102,7 +103,42 
ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions,
X509_EXTENSION, 0)
} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
-ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+/* The X509_CRL structure needs a bit of customisation.
Cache some extensions
+ * and hash of the whole CRL.
+ */
+static int crl_cb(int operation, ASN1_VALUE **pval, const
ASN1_ITEM *it,
+ void *exarg)
+ {
+ X509_CRL *crl = (X509_CRL *)*pval;
+
+ switch(operation)
+ {
+ case ASN1_OP_NEW_POST:
+ crl->idp = NULL;
+ crl->akid = NULL;
+ break;
+
+ case ASN1_OP_D2I_POST:
+#ifndef OPENSSL_NO_SHA
+ X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash,
NULL);
+#endif
+ crl->idp = X509_CRL_get_ext_d2i(crl,
+ NID_issuing_distribution_point, NULL, NULL);
+ crl->akid = X509_CRL_get_ext_d2i(crl,
+ NID_authority_key_identifier, NULL, NULL);
+ break;
+
+ case ASN1_OP_FREE_POST:
+ if (crl->akid)
+ AUTHORITY_KEYID_free(crl->akid);
+ if (crl->idp)
+ ISSUING_DIST_POINT_free(crl->idp);
+ break;
+ }
+ return 1;
+ }
+
+ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL)
= {
ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
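Review bot: crl_cb handles ASN1_OP_NEW_POST, ASN1_OP_D2I_POST and ASN1_OP_FREE_POST but not ASN1_OP_D2I_PRE, so decoding into an X509_CRL that already holds a decoded CRL (d2i with a non-NULL object) overwrites crl->akid and crl->idp without freeing the previous values and leaks the cached extensions; a D2I_PRE case that releases and clears both fields before the new decode closes that gap (below). In the D2I_POST case both X509_CRL_get_ext_d2i calls pass NULL for crit, so a malformed or duplicated IDP or AKID extension is indistinguishable from an absent one — either way the field stays NULL and the CRL decodes successfully, which turns a broken scoping extension into "no restriction"; if I read X509V3_get_d2i correctly, passing a local `int crit` (set to -1 only when the extension is absent) and returning 0 from the callback when `crl->idp == NULL && crit != -1` would make a bad IDP a decode failure instead. The same absent-vs-malformed ambiguity applies to the `x->crldp = X509_get_ext_d2i(...)` line in the v3_purp.c hunk, although there it follows how skid and akid are already cached. The return value of X509_CRL_digest is also ignored, so on a digest failure sha1_hash keeps whatever it held before.
```c
	switch(operation)
		{
	case ASN1_OP_D2I_PRE:
		/* d2i may reuse an existing X509_CRL: drop the stale cache first */
		if (crl->akid)
			AUTHORITY_KEYID_free(crl->akid);
		if (crl->idp)
			ISSUING_DIST_POINT_free(crl->idp);
		crl->akid = NULL;
		crl->idp = NULL;
		break;
	/* ... unchanged: ASN1_OP_NEW_POST, ASN1_OP_D2I_POST, ASN1_OP_FREE_POST cases ... */
```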
 .
patch -p0 <<' .'
Index: openssl/crypto/asn1/x_x509.c
============================================================
================
$ cvs diff -u -r1.25 -r1.26 x_x509.c
--- openssl/crypto/asn1/x_x509.c 1 Sep 2005 20:42:49
-0000 1.25
+++ openssl/crypto/asn1/x_x509.c 24 Jul 2006 12:39:21
-0000 1.26
 -96,6 +96,7 
ret->skid = NULL;
ret->akid = NULL;
ret->aux = NULL;
+ ret->crldp = NULL;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret,
&ret->ex_data);
break;
 -109,6 +110,7 
X509_CERT_AUX_free(ret->aux);
ASN1_OCTET_STRING_free(ret->skid);
AUTHORITY_KEYID_free(ret->akid);
+ CRL_DIST_POINTS_free(ret->crldp);
policy_cache_free(ret->policy_cache);
if (ret->name != NULL) OPENSSL_free(ret->name);
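Review bot: `CRL_DIST_POINTS_free(ret->crldp);` is called unconditionally here, which relies on the generated free function accepting NULL (crldp is set to NULL in the NEW_POST hunk above and may never be populated), while the matching cache teardown added to x_crl.c in the same commit guards each free with `if (crl->akid)` / `if (crl->idp)`. Both sites are new in this commit, so they should use one style; given this call already depends on NULL-safety, dropping the guards in x_crl.c is the simpler way to make them agree. The enclosing x509_cb function starts and ends outside the hunk.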
 .
patch -p0 <<' .'
Index: openssl/crypto/ossl_typ.h
============================================================
================
$ cvs diff -u -r1.13 -r1.14 ossl_typ.h
--- openssl/crypto/ossl_typ.h 17 Jul 2006 12:18:27
-0000 1.13
+++ openssl/crypto/ossl_typ.h 24 Jul 2006 12:39:21
-0000 1.14
 -168,6 +168,10 
typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
+typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
+typedef struct DIST_POINT_st DIST_POINT;
+typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
+
/* If placed in pkcs12.h, we end up with a circular
depency with pkcs7.h */
#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
 .
patch -p0 <<' .'
Index: openssl/crypto/x509/x509.h
============================================================
================
$ cvs diff -u -r1.143 -r1.144 x509.h
--- openssl/crypto/x509/x509.h 20 Jul 2006 16:56:47
-0000 1.143
+++ openssl/crypto/x509/x509.h 24 Jul 2006 12:39:22
-0000 1.144
 -288,8 +288,9 
unsigned long ex_xkusage;
unsigned long ex_nscert;
ASN1_OCTET_STRING *skid;
- struct AUTHORITY_KEYID_st *akid;
+ AUTHORITY_KEYID *akid;
X509_POLICY_CACHE *policy_cache;
+ STACK_OF(DIST_POINT) *crldp;
#ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
 -449,6 +450,13 
X509_ALGOR *sig_alg;
ASN1_BIT_STRING *signature;
int references;
+ int flags;
+ /* Copies of various extensions */
+ AUTHORITY_KEYID *akid;
+ ISSUING_DIST_POINT *idp;
+#ifndef OPENSSL_NO_SHA
+ unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+#endif
} /* X509_CRL */;
DECLARE_STACK_OF(X509_CRL)
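Review bot: The new `int flags;` member is not initialised anywhere in the visible hunks — crl_cb's ASN1_OP_NEW_POST case in the x_crl.c hunk sets only idp and akid — so if those explicit NULL stores exist because the allocator does not zero the object, flags starts with an undefined value; adding `crl->flags = 0;` next to them costs nothing and removes the doubt. The added members also change the size and layout of the public X509_CRL struct and move akid to a different offset in X509, so anything built against the previous headers that embeds or indexes these structs directly is affected; worth a line in CHANGES if that is not already implied by the 0.9.9 branch. The comment `/* Copies of various extensions */` would read better as `/* Cached decoded copies of extensions, filled in at d2i time; owned by this X509_CRL */` since ownership is what a reader of the header needs to know.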
 .
patch -p0 <<' .'
Index: openssl/crypto/x509/x509_cmp.c
============================================================
================
$ cvs diff -u -r1.31 -r1.32 x509_cmp.c
--- openssl/crypto/x509/x509_cmp.c 18 Jul 2006 12:36:19
-0000 1.31
+++ openssl/crypto/x509/x509_cmp.c 24 Jul 2006 12:39:22
-0000 1.32
 -116,6 +116,13 
return(X509_NAME_cmp(a->crl->issuer,b->crl->iss
uer));
}
+#ifndef OPENSSL_NO_SHA
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
+ {
+ return memcmp(a->sha1_hash, b->sha1_hash, 20);
+ }
+#endif
+
X509_NAME *X509_get_issuer_name(X509 *a)
{
return(a->cert_info->issuer);
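Review bot: X509_CRL_match compares sha1_hash with a literal `20` while the field is declared as `sha1_hash[SHA_DIGEST_LENGTH]` in the x509.h hunk; write `return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);` so the two stay in step. No prototype for X509_CRL_match is added to x509.h — the diffstat's +9 -1 is fully accounted for by the two struct hunks — so callers of the "new function" announced in CHANGES have no declaration to include. sha1_hash is only filled in crl_cb's ASN1_OP_D2I_POST case (x_crl.c hunk), so a CRL built in memory, or one modified after decoding, carries no digest or a stale one and X509_CRL_match compares meaningless bytes without any indication; the function should at least document that precondition, e.g. `/* Only meaningful for CRLs decoded with d2i: sha1_hash is cached at decode time and not recomputed */`. Note also that this is equality of the cached SHA-1 digest rather than byte-for-byte equality of the encoding, which is what "identical" in the CHANGES entry suggests.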
 .
patch -p0 <<' .'
Index: openssl/crypto/x509v3/v3_purp.c
============================================================
================
$ cvs diff -u -r1.35 -r1.36 v3_purp.c
--- openssl/crypto/x509v3/v3_purp.c 12 Feb 2006 23:11:46
-0000 1.35
+++ openssl/crypto/x509v3/v3_purp.c 24 Jul 2006 12:39:22
-0000 1.36
 -412,6 +412,7 
}
x->skid =X509_get_ext_d2i(x,
NID_subject_key_identifier, NULL, NULL);
x->akid =X509_get_ext_d2i(x,
NID_authority_key_identifier, NULL, NULL);
+ x->crldp = X509_get_ext_d2i(x,
NID_crl_distribution_points, NULL, NULL);
for (i = 0; i < X509_get_ext_count(x); i++)
{
ex = X509_get_ext(x, i);
 .
patch -p0 <<' .'
Index: openssl/crypto/x509v3/x509v3.h
============================================================
================
$ cvs diff -u -r1.106 -r1.107 x509v3.h
--- openssl/crypto/x509v3/x509v3.h 12 Feb 2006 23:11:47
-0000 1.106
+++ openssl/crypto/x509v3/x509v3.h 24 Jul 2006 12:39:22
-0000 1.107
 -222,22 +222,22 
} name;
} DIST_POINT_NAME;
-typedef struct DIST_POINT_st {
+struct DIST_POINT_st {
DIST_POINT_NAME *distpoint;
ASN1_BIT_STRING *reasons;
GENERAL_NAMES *CRLissuer;
-} DIST_POINT;
+};
typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
DECLARE_STACK_OF(DIST_POINT)
DECLARE_ASN1_SET_OF(DIST_POINT)
-typedef struct AUTHORITY_KEYID_st {
+struct AUTHORITY_KEYID_st {
ASN1_OCTET_STRING *keyid;
GENERAL_NAMES *issuer;
ASN1_INTEGER *serial;
-} AUTHORITY_KEYID;
+};
/* Strong extranet structures */
 -329,7 +329,7 
DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
-typedef struct ISSUING_DIST_POINT_st
+struct ISSUING_DIST_POINT_st
{
DIST_POINT_NAME *distpoint;
int onlyuser;
 -337,7 +337,7 
ASN1_BIT_STRING *onlysomereasons;
int indirectCRL;
int onlyattr;
- } ISSUING_DIST_POINT;
+ };
#define X509V3_conf_err(val) ERR_add_error_data(6,
"section:", val->section, \
",name:", val->name,
",value:", val->value);
 .