




OpenSSL: openssl/crypto/asn1/ asn1_locl.h x_crl.c openssl/crypto...
user name
2006-10-03 02:48:01
  OpenSSL CVS Repository
  http://cvs.openssl.org/
 
____________________________________________________________
________________

  Server: cvs.openssl.org                  Name:   Dr.
Stephen Henson
  Root:   /v/openssl/cvs                   Email:  steveopenssl.org
  Module: openssl                          Date:  
03-Oct-2006 04:48:00
  Branch: HEAD                             Handle:
2006100303475801

  Modified files:
    openssl/crypto/asn1     asn1_locl.h x_crl.c
    openssl/crypto/x509     x509.h

  Log:
    Place standard CRL behaviour in default X509_CRL_METHOD. Add
    new functions to create, free and set the default CRL method.

  Summary:
    Revision    Changes     Path
    1.9         +3  -0      openssl/crypto/asn1/asn1_locl.h
    1.29        +84 -9      openssl/crypto/asn1/x_crl.c
    1.148       +18 -1      openssl/crypto/x509/x509.h
 
____________________________________________________________
________________

  patch -p0 <<' .'
  Index: openssl/crypto/asn1/asn1_locl.h
 
============================================================
================
  $ cvs diff -u -r1.8 -r1.9 asn1_locl.h
  --- openssl/crypto/asn1/asn1_locl.h	21 Sep 2006 12:42:14
-0000	1.8
  +++ openssl/crypto/asn1/asn1_locl.h	3 Oct 2006 02:47:58
-0000	1.9
   -121,8 +121,11 
    * efficient callbacks: for example a CRL entry database.
    */
   
  +#define X509_CRL_METHOD_DYNAMIC		1
  +
   struct x509_crl_method_st
   	{
  +	int flags;
   	int (*crl_init)(X509_CRL *crl);
   	int (*crl_free)(X509_CRL *crl);
   	int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
ASN1_INTEGER *ser);
   .
  patch -p0 <<' .'
  Index: openssl/crypto/asn1/x_crl.c
 
============================================================
================
  $ cvs diff -u -r1.28 -r1.29 x_crl.c
  --- openssl/crypto/asn1/x_crl.c	21 Sep 2006 12:48:56
-0000	1.28
  +++ openssl/crypto/asn1/x_crl.c	3 Oct 2006 02:47:58
-0000	1.29
   -73,6 +73,20 
   	ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions,
X509_EXTENSION)
   } ASN1_SEQUENCE_END(X509_REVOKED)
   
  +static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
  +static int def_crl_lookup(X509_CRL *crl,
  +		X509_REVOKED **ret, ASN1_INTEGER *serial);
  +
  +static X509_CRL_METHOD int_crl_meth =
  +	{
  +	0,
  +	0,0,
  +	def_crl_lookup,
  +	def_crl_verify
  +	};
  +
  +static const X509_CRL_METHOD *default_crl_method =
&int_crl_meth;
  +
   /* The X509_CRL_INFO structure needs a bit of
customisation.
    * Since we cache the original encoding the signature
wont be affected by
    * reordering of the revoked field.
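Review bot: The positional initializer of `int_crl_meth` (`0, 0,0, def_crl_lookup, def_crl_verify`) only stays correct while the field order of `struct x509_crl_method_st` never changes, and nothing on the lines says which slot is which. A short comment per slot would help, for example `0, /* flags: static, never freed */` and `0,0, /* crl_init, crl_free: none */`. Since the only visible use is through the `const X509_CRL_METHOD *default_crl_method` pointer, the table could also be declared `static const X509_CRL_METHOD int_crl_meth`, so the built-in verify and lookup pointers cannot be overwritten at run time.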
   -123,7 +137,8 
   		crl->akid = NULL;
   		crl->flags = 0;
   		crl->idp_flags = 0;
  -		crl->meth = 0;
  +		crl->meth = default_crl_method;
  +		crl->meth_data = NULL;
   		break;
   
   		case ASN1_OP_D2I_POST:
   -161,13 +176,19 
   				break;
   				}
   			}
  -		if (crl->meth && crl->meth->crl_init)
  -			return crl->meth->crl_init(crl);
  +		if (crl->meth->crl_init)
  +			{
  +			if (crl->meth->crl_init(crl) == 0)
  +				return 0;
  +			}
   		break;
   
   		case ASN1_OP_FREE_POST:
  -		if (crl->meth && crl->meth->crl_free)
  -			return crl->meth->crl_free(crl);
  +		if (crl->meth->crl_free)
  +			{
  +			if (!crl->meth->crl_free(crl))
  +				return 0;
  +			}
   		if (crl->akid)
   			AUTHORITY_KEYID_free(crl->akid);
   		if (crl->idp)
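Review bot: In the `ASN1_OP_FREE_POST` case the new `return 0;` on a failing `crl_free` leaves before the `AUTHORITY_KEYID_free(crl->akid)` and `crl->idp` cleanup below it, so a custom method that reports failure leaks those objects. Whether the ASN.1 template code acts on a FREE_POST return value is not visible here, so it seems safer to keep going: call `crl->meth->crl_free(crl);` and fall through to the remaining frees. Both cases now dereference `crl->meth` without the old `crl->meth &&` guard, which relies on `ASN1_OP_NEW_POST` having run for every CRL; a comment stating that invariant would help. The callback body starts and ends outside this hunk.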
   -252,19 +273,30 
   
   int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
   	{
  -	if (crl->meth && crl->meth->crl_verify)
  +	if (crl->meth->crl_verify)
   		return crl->meth->crl_verify(crl, r);
  +	return 0;
  +	}
  +
  +int X509_CRL_get0_by_serial(X509_CRL *crl,
  +		X509_REVOKED **ret, ASN1_INTEGER *serial)
  +	{
  +	if (crl->meth->crl_lookup)
  +		return crl->meth->crl_lookup(crl, ret, serial);
  +	return 0;
  +	}
  +
  +static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
  +	{
   	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
   		crl->sig_alg, crl->signature,crl->crl,r));
   	}
   
  -int X509_CRL_get0_by_serial(X509_CRL *crl,
  +static int def_crl_lookup(X509_CRL *crl,
   		X509_REVOKED **ret, ASN1_INTEGER *serial)
   	{
   	X509_REVOKED rtmp;
   	int idx;
  -	if (crl->meth && crl->meth->crl_lookup)
  -		return crl->meth->crl_lookup(crl, ret, serial);
   	rtmp.serialNumber = serial;
   	/* Sort revoked into serial number order if not already
sorted.
   	 * Do this under a lock to avoid race condition.
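Review bot: `X509_CRL_get0_by_serial` returns 0 when `crl->meth->crl_lookup` is NULL, and if 0 means "serial not found" (as the `return 0;` at the end of the default lookup suggests) a method built without a lookup callback reports every certificate as not revoked. `X509_CRL_METHOD_new` accepts NULL callbacks, so this fail-open path is reachable. Falling back to the built-in implementation is safer: replace the final `return 0;` with `return def_crl_lookup(crl, ret, serial);`. The matching `return 0;` in `X509_CRL_verify` fails closed, but `return def_crl_verify(crl, r);` would keep the two wrappers symmetric. The body of `def_crl_lookup` continues outside the hunk.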
   -288,6 +320,49 
   	return 0;
   	}
   
  +void X509_CRL_set_default_method(const X509_CRL_METHOD
*meth)
  +	{
  +	if (meth == NULL)
  +		default_crl_method = &int_crl_meth;
  +	else 
  +		default_crl_method = meth;
  +	}
  +
  +X509_CRL_METHOD *X509_CRL_METHOD_new(
  +	int (*crl_init)(X509_CRL *crl),
  +	int (*crl_free)(X509_CRL *crl),
  +	int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
ASN1_INTEGER *ser),
  +	int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
  +	{
  +	X509_CRL_METHOD *m;
  +	m = OPENSSL_malloc(sizeof(X509_CRL_METHOD));
  +	if (!m)
  +		return NULL;
  +	m->crl_init = crl_init;
  +	m->crl_free = crl_free;
  +	m->crl_lookup = crl_lookup;
  +	m->crl_verify = crl_verify;
  +	m->flags = X509_CRL_METHOD_DYNAMIC;
  +	return m;
  +	}
  +
  +void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
  +	{
  +	if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
  +		return;
  +	OPENSSL_free(m);
  +	}
  +
  +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
  +	{
  +	crl->meth_data = dat;
  +	}
  +
  +void *X509_CRL_get_meth_data(X509_CRL *crl)
  +	{
  +	return crl->meth_data;
  +	}
  +
   IMPLEMENT_STACK_OF(X509_REVOKED)
   IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
   IMPLEMENT_STACK_OF(X509_CRL)
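Review bot: `X509_CRL_METHOD_free` reads `m->flags` without checking `m`, so `X509_CRL_METHOD_free(NULL)` crashes, whereas `free`-style functions are normally NULL-safe; `if (m == NULL || !(m->flags & X509_CRL_METHOD_DYNAMIC)) return;` covers it. There is also no lifetime tracking. Freeing a method that is still installed through `X509_CRL_set_default_method`, or still referenced by a live `crl->meth`, leaves a dangling pointer that the unguarded `crl->meth->...` calls will follow. A doc comment on both functions should state that the caller must reset the default and release all CRLs using the method before freeing it. `default_crl_method` is written without a lock, so the comment should also say it must be set before other threads create CRLs.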
   .
  patch -p0 <<' .'
  Index: openssl/crypto/x509/x509.h
 
============================================================
================
  $ cvs diff -u -r1.147 -r1.148 x509.h
  --- openssl/crypto/x509/x509.h	21 Sep 2006 12:42:15
-0000	1.147
  +++ openssl/crypto/x509/x509.h	3 Oct 2006 02:47:59
-0000	1.148
   -460,7 +460,8 
   #ifndef OPENSSL_NO_SHA
   	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
   #endif
  -	X509_CRL_METHOD *meth;
  +	const X509_CRL_METHOD *meth;
  +	void *meth_data;
   	} /* X509_CRL */;
   
   DECLARE_STACK_OF(X509_CRL)
   -748,6 +749,22 
   #define		X509_CRL_get_issuer(x) ((x)->crl->issuer)
   #define		X509_CRL_get_REVOKED(x)
((x)->crl->revoked)
   
  +void X509_CRL_set_default_method(const X509_CRL_METHOD
*meth);
  +X509_CRL_METHOD *X509_CRL_METHOD_new(
  +	int (*crl_init)(X509_CRL *crl),
  +	int (*crl_free)(X509_CRL *crl),
  +	int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
ASN1_INTEGER *ser),
  +	int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk));
  +void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
  +
  +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
  +void *X509_CRL_get_meth_data(X509_CRL *crl);
  +
  +IMPLEMENT_STACK_OF(X509_REVOKED)
  +IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
  +IMPLEMENT_STACK_OF(X509_CRL)
  +IMPLEMENT_ASN1_SET_OF(X509_CRL)
  +
   /* This one is only used so that a binary form can
output, as in
    * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
   #define 	X509_get_X509_PUBKEY(x)
((x)->cert_info->key)
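Review bot: The four added `IMPLEMENT_STACK_OF(...)` / `IMPLEMENT_ASN1_SET_OF(...)` lines look like a stray paste into the public header, since three of them appear as existing context at the end of x_crl.c in this same commit. Implementation macros do not belong in x509.h; even if they currently expand to nothing, every file that includes the header would get them, so I would drop them from this hunk. The new prototypes would also benefit from a short comment saying that NULL callbacks are accepted by `X509_CRL_METHOD_new` and that `meth_data` is owned by the method's `crl_init`/`crl_free` pair.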
   .
____________________________________________________________
__________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                    
openssl-cvsopenssl.org
Automated List Manager                          
majordomoopenssl.org