OLD | NEW |
1 /* crypto/asn1/x_crl.c */ | 1 /* crypto/asn1/x_crl.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
52 * | 52 * |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
58 | 58 |
59 #include <stdio.h> | 59 #include <stdio.h> |
60 #include "cryptlib.h" | 60 #include "cryptlib.h" |
| 61 #include "asn1_locl.h" |
61 #include <openssl/asn1t.h> | 62 #include <openssl/asn1t.h> |
62 #include <openssl/x509.h> | 63 #include <openssl/x509.h> |
| 64 #include <openssl/x509v3.h> |
63 | 65 |
64 static int X509_REVOKED_cmp(const X509_REVOKED * const *a, | 66 static int X509_REVOKED_cmp(const X509_REVOKED * const *a, |
65 const X509_REVOKED * const *b); | 67 const X509_REVOKED * const *b); |
| 68 static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); |
66 | 69 |
67 ASN1_SEQUENCE(X509_REVOKED) = { | 70 ASN1_SEQUENCE(X509_REVOKED) = { |
68 ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), | 71 ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), |
69 ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), | 72 ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), |
70 ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) | 73 ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) |
71 } ASN1_SEQUENCE_END(X509_REVOKED) | 74 } ASN1_SEQUENCE_END(X509_REVOKED) |
72 | 75 |
| 76 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r); |
| 77 static int def_crl_lookup(X509_CRL *crl, |
| 78 X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer); |
| 79 |
| 80 static X509_CRL_METHOD int_crl_meth = |
| 81 { |
| 82 0, |
| 83 0,0, |
| 84 def_crl_lookup, |
| 85 def_crl_verify |
| 86 }; |
| 87 |
| 88 static const X509_CRL_METHOD *default_crl_method = &int_crl_meth; |
| 89 |
73 /* The X509_CRL_INFO structure needs a bit of customisation. | 90 /* The X509_CRL_INFO structure needs a bit of customisation. |
74 * Since we cache the original encoding the signature wont be affected by | 91 * Since we cache the original encoding the signature wont be affected by |
75 * reordering of the revoked field. | 92 * reordering of the revoked field. |
76 */ | 93 */ |
77 static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | 94 static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, |
| 95 » » » » » » » » void *exarg) |
78 { | 96 { |
79 X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; | 97 X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; |
80 | 98 |
81 if(!a || !a->revoked) return 1; | 99 if(!a || !a->revoked) return 1; |
82 switch(operation) { | 100 switch(operation) { |
83 /* Just set cmp function here. We don't sort because that | 101 /* Just set cmp function here. We don't sort because that |
84 * would affect the output of X509_CRL_print(). | 102 * would affect the output of X509_CRL_print(). |
85 */ | 103 */ |
86 case ASN1_OP_D2I_POST: | 104 case ASN1_OP_D2I_POST: |
87 (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); | 105 (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); |
88 break; | 106 break; |
89 } | 107 } |
90 return 1; | 108 return 1; |
91 } | 109 } |
92 | 110 |
93 | 111 |
94 ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { | 112 ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { |
95 ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), | 113 ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), |
96 ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), | 114 ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), |
97 ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), | 115 ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), |
98 ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), | 116 ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), |
99 ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), | 117 ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), |
100 ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), | 118 ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), |
101 ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) | 119 ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) |
102 } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) | 120 } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) |
103 | 121 |
104 ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { | 122 /* Set CRL entry issuer according to CRL certificate issuer extension. |
| 123 * Check for unhandled critical CRL entry extensions. |
| 124 */ |
| 125 |
| 126 static int crl_set_issuers(X509_CRL *crl) |
| 127 » { |
| 128 |
| 129 » int i, j; |
| 130 » GENERAL_NAMES *gens, *gtmp; |
| 131 » STACK_OF(X509_REVOKED) *revoked; |
| 132 |
| 133 » revoked = X509_CRL_get_REVOKED(crl); |
| 134 |
| 135 » gens = NULL; |
| 136 » for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) |
| 137 » » { |
| 138 » » X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i); |
| 139 » » STACK_OF(X509_EXTENSION) *exts; |
| 140 » » ASN1_ENUMERATED *reason; |
| 141 » » X509_EXTENSION *ext; |
| 142 » » gtmp = X509_REVOKED_get_ext_d2i(rev, |
| 143 » » » » » » NID_certificate_issuer, |
| 144 » » » » » » &j, NULL); |
| 145 » » if (!gtmp && (j != -1)) |
| 146 » » » { |
| 147 » » » crl->flags |= EXFLAG_INVALID; |
| 148 » » » return 1; |
| 149 » » » } |
| 150 |
| 151 » » if (gtmp) |
| 152 » » » { |
| 153 » » » gens = gtmp; |
| 154 » » » if (!crl->issuers) |
| 155 » » » » { |
| 156 » » » » crl->issuers = sk_GENERAL_NAMES_new_null(); |
| 157 » » » » if (!crl->issuers) |
| 158 » » » » » return 0; |
| 159 » » » » } |
| 160 » » » if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) |
| 161 » » » » return 0; |
| 162 » » » } |
| 163 » » rev->issuer = gens; |
| 164 |
| 165 » » reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, |
| 166 » » » » » » » » &j, NULL); |
| 167 » » if (!reason && (j != -1)) |
| 168 » » » { |
| 169 » » » crl->flags |= EXFLAG_INVALID; |
| 170 » » » return 1; |
| 171 » » » } |
| 172 |
| 173 » » if (reason) |
| 174 » » » { |
| 175 » » » rev->reason = ASN1_ENUMERATED_get(reason); |
| 176 » » » ASN1_ENUMERATED_free(reason); |
| 177 » » » } |
| 178 » » else |
| 179 » » » rev->reason = CRL_REASON_NONE;» |
| 180 |
| 181 » » /* Check for critical CRL entry extensions */ |
| 182 |
| 183 » » exts = rev->extensions; |
| 184 |
| 185 » » for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) |
| 186 » » » { |
| 187 » » » ext = sk_X509_EXTENSION_value(exts, j); |
| 188 » » » if (ext->critical > 0) |
| 189 » » » » { |
| 190 » » » » if (OBJ_obj2nid(ext->object) == |
| 191 » » » » » NID_certificate_issuer) |
| 192 » » » » » continue; |
| 193 » » » » crl->flags |= EXFLAG_CRITICAL; |
| 194 » » » » break; |
| 195 » » » » } |
| 196 » » » } |
| 197 |
| 198 |
| 199 » » } |
| 200 |
| 201 » return 1; |
| 202 |
| 203 » } |
| 204 |
| 205 /* The X509_CRL structure needs a bit of customisation. Cache some extensions |
| 206 * and hash of the whole CRL. |
| 207 */ |
| 208 static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, |
| 209 » » » » » » » » void *exarg) |
| 210 » { |
| 211 » X509_CRL *crl = (X509_CRL *)*pval; |
| 212 » STACK_OF(X509_EXTENSION) *exts; |
| 213 » X509_EXTENSION *ext; |
| 214 » int idx; |
| 215 |
| 216 » switch(operation) |
| 217 » » { |
| 218 » » case ASN1_OP_NEW_POST: |
| 219 » » crl->idp = NULL; |
| 220 » » crl->akid = NULL; |
| 221 » » crl->flags = 0; |
| 222 » » crl->idp_flags = 0; |
| 223 » » crl->idp_reasons = CRLDP_ALL_REASONS; |
| 224 » » crl->meth = default_crl_method; |
| 225 » » crl->meth_data = NULL; |
| 226 » » crl->issuers = NULL; |
| 227 » » crl->crl_number = NULL; |
| 228 » » crl->base_crl_number = NULL; |
| 229 » » break; |
| 230 |
| 231 » » case ASN1_OP_D2I_POST: |
| 232 #ifndef OPENSSL_NO_SHA |
| 233 » » X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); |
| 234 #endif |
| 235 » » crl->idp = X509_CRL_get_ext_d2i(crl, |
| 236 » » » » NID_issuing_distribution_point, NULL, NULL); |
| 237 » » if (crl->idp) |
| 238 » » » setup_idp(crl, crl->idp); |
| 239 |
| 240 » » crl->akid = X509_CRL_get_ext_d2i(crl, |
| 241 » » » » NID_authority_key_identifier, NULL, NULL);» |
| 242 |
| 243 » » crl->crl_number = X509_CRL_get_ext_d2i(crl, |
| 244 » » » » NID_crl_number, NULL, NULL);» |
| 245 |
| 246 » » crl->base_crl_number = X509_CRL_get_ext_d2i(crl, |
| 247 » » » » NID_delta_crl, NULL, NULL);» |
| 248 » » /* Delta CRLs must have CRL number */ |
| 249 » » if (crl->base_crl_number && !crl->crl_number) |
| 250 » » » crl->flags |= EXFLAG_INVALID; |
| 251 |
| 252 » » /* See if we have any unhandled critical CRL extensions and |
| 253 » » * indicate this in a flag. We only currently handle IDP so |
| 254 » » * anything else critical sets the flag. |
| 255 » » * |
| 256 » » * This code accesses the X509_CRL structure directly: |
| 257 » » * applications shouldn't do this. |
| 258 » » */ |
| 259 |
| 260 » » exts = crl->crl->extensions; |
| 261 |
| 262 » » for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) |
| 263 » » » { |
| 264 » » » int nid; |
| 265 » » » ext = sk_X509_EXTENSION_value(exts, idx); |
| 266 » » » nid = OBJ_obj2nid(ext->object); |
| 267 » » » if (nid == NID_freshest_crl) |
| 268 » » » » crl->flags |= EXFLAG_FRESHEST; |
| 269 » » » if (ext->critical > 0) |
| 270 » » » » { |
| 271 » » » » /* We handle IDP and deltas */ |
| 272 » » » » if ((nid == NID_issuing_distribution_point) |
| 273 » » » » » || (nid == NID_delta_crl)) |
| 274 » » » » » break;; |
| 275 » » » » crl->flags |= EXFLAG_CRITICAL; |
| 276 » » » » break; |
| 277 » » » » } |
| 278 » » » } |
| 279 |
| 280 |
| 281 » » if (!crl_set_issuers(crl)) |
| 282 » » » return 0; |
| 283 |
| 284 » » if (crl->meth->crl_init) |
| 285 » » » { |
| 286 » » » if (crl->meth->crl_init(crl) == 0) |
| 287 » » » » return 0; |
| 288 » » » } |
| 289 » » break; |
| 290 |
| 291 » » case ASN1_OP_FREE_POST: |
| 292 » » if (crl->meth->crl_free) |
| 293 » » » { |
| 294 » » » if (!crl->meth->crl_free(crl)) |
| 295 » » » » return 0; |
| 296 » » » } |
| 297 » » if (crl->akid) |
| 298 » » » AUTHORITY_KEYID_free(crl->akid); |
| 299 » » if (crl->idp) |
| 300 » » » ISSUING_DIST_POINT_free(crl->idp); |
| 301 » » ASN1_INTEGER_free(crl->crl_number); |
| 302 » » ASN1_INTEGER_free(crl->base_crl_number); |
| 303 » » sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); |
| 304 » » break; |
| 305 » » } |
| 306 » return 1; |
| 307 » } |
| 308 |
| 309 /* Convert IDP into a more convenient form */ |
| 310 |
| 311 static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) |
| 312 » { |
| 313 » int idp_only = 0; |
| 314 » /* Set various flags according to IDP */ |
| 315 » crl->idp_flags |= IDP_PRESENT; |
| 316 » if (idp->onlyuser > 0) |
| 317 » » { |
| 318 » » idp_only++; |
| 319 » » crl->idp_flags |= IDP_ONLYUSER; |
| 320 » » } |
| 321 » if (idp->onlyCA > 0) |
| 322 » » { |
| 323 » » idp_only++; |
| 324 » » crl->idp_flags |= IDP_ONLYCA; |
| 325 » » } |
| 326 » if (idp->onlyattr > 0) |
| 327 » » { |
| 328 » » idp_only++; |
| 329 » » crl->idp_flags |= IDP_ONLYATTR; |
| 330 » » } |
| 331 |
| 332 » if (idp_only > 1) |
| 333 » » crl->idp_flags |= IDP_INVALID; |
| 334 |
| 335 » if (idp->indirectCRL > 0) |
| 336 » » crl->idp_flags |= IDP_INDIRECT; |
| 337 |
| 338 » if (idp->onlysomereasons) |
| 339 » » { |
| 340 » » crl->idp_flags |= IDP_REASONS; |
| 341 » » if (idp->onlysomereasons->length > 0) |
| 342 » » » crl->idp_reasons = idp->onlysomereasons->data[0]; |
| 343 » » if (idp->onlysomereasons->length > 1) |
| 344 » » » crl->idp_reasons |= |
| 345 » » » » (idp->onlysomereasons->data[1] << 8); |
| 346 » » crl->idp_reasons &= CRLDP_ALL_REASONS; |
| 347 » » } |
| 348 |
| 349 » DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); |
| 350 » } |
| 351 |
| 352 ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = { |
105 ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), | 353 ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), |
106 ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), | 354 ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), |
107 ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) | 355 ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) |
108 } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) | 356 } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) |
109 | 357 |
110 IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) | 358 IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) |
111 IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) | 359 IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) |
112 IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) | 360 IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) |
113 IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) | 361 IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) |
114 | 362 |
(...skipping 12 matching lines...) Expand all Loading... |
127 if(!inf->revoked) | 375 if(!inf->revoked) |
128 inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); | 376 inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); |
129 if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { | 377 if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { |
130 ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); | 378 ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); |
131 return 0; | 379 return 0; |
132 } | 380 } |
133 inf->enc.modified = 1; | 381 inf->enc.modified = 1; |
134 return 1; | 382 return 1; |
135 } | 383 } |
136 | 384 |
| 385 int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r) |
| 386 { |
| 387 if (crl->meth->crl_verify) |
| 388 return crl->meth->crl_verify(crl, r); |
| 389 return 0; |
| 390 } |
| 391 |
| 392 int X509_CRL_get0_by_serial(X509_CRL *crl, |
| 393 X509_REVOKED **ret, ASN1_INTEGER *serial) |
| 394 { |
| 395 if (crl->meth->crl_lookup) |
| 396 return crl->meth->crl_lookup(crl, ret, serial, NULL); |
| 397 return 0; |
| 398 } |
| 399 |
| 400 int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) |
| 401 { |
| 402 if (crl->meth->crl_lookup) |
| 403 return crl->meth->crl_lookup(crl, ret, |
| 404 X509_get_serialNumber(x), |
| 405 X509_get_issuer_name(x)); |
| 406 return 0; |
| 407 } |
| 408 |
| 409 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r) |
| 410 { |
| 411 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), |
| 412 crl->sig_alg, crl->signature,crl->crl,r)); |
| 413 } |
| 414 |
| 415 static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, |
| 416 X509_REVOKED *rev) |
| 417 { |
| 418 int i; |
| 419 |
| 420 if (!rev->issuer) |
| 421 { |
| 422 if (!nm) |
| 423 return 1; |
| 424 if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) |
| 425 return 1; |
| 426 return 0; |
| 427 } |
| 428 |
| 429 if (!nm) |
| 430 nm = X509_CRL_get_issuer(crl); |
| 431 |
| 432 for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) |
| 433 { |
| 434 GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i); |
| 435 if (gen->type != GEN_DIRNAME) |
| 436 continue; |
| 437 if (!X509_NAME_cmp(nm, gen->d.directoryName)) |
| 438 return 1; |
| 439 } |
| 440 return 0; |
| 441 |
| 442 } |
| 443 |
| 444 static int def_crl_lookup(X509_CRL *crl, |
| 445 X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer) |
| 446 { |
| 447 X509_REVOKED rtmp, *rev; |
| 448 int idx; |
| 449 rtmp.serialNumber = serial; |
| 450 /* Sort revoked into serial number order if not already sorted. |
| 451 * Do this under a lock to avoid race condition. |
| 452 */ |
| 453 if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) |
| 454 { |
| 455 CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); |
| 456 sk_X509_REVOKED_sort(crl->crl->revoked); |
| 457 CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); |
| 458 } |
| 459 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); |
| 460 if(idx < 0) |
| 461 return 0; |
| 462 /* Need to look for matching name */ |
| 463 for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) |
| 464 { |
| 465 rev = sk_X509_REVOKED_value(crl->crl->revoked, idx); |
| 466 if (ASN1_INTEGER_cmp(rev->serialNumber, serial)) |
| 467 return 0; |
| 468 if (crl_revoked_issuer_match(crl, issuer, rev)) |
| 469 { |
| 470 if (ret) |
| 471 *ret = rev; |
| 472 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) |
| 473 return 2; |
| 474 return 1; |
| 475 } |
| 476 } |
| 477 return 0; |
| 478 } |
| 479 |
| 480 void X509_CRL_set_default_method(const X509_CRL_METHOD *meth) |
| 481 { |
| 482 if (meth == NULL) |
| 483 default_crl_method = &int_crl_meth; |
| 484 else |
| 485 default_crl_method = meth; |
| 486 } |
| 487 |
| 488 X509_CRL_METHOD *X509_CRL_METHOD_new( |
| 489 int (*crl_init)(X509_CRL *crl), |
| 490 int (*crl_free)(X509_CRL *crl), |
| 491 int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, |
| 492 ASN1_INTEGER *ser, X509_NAME *issuer), |
| 493 int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)) |
| 494 { |
| 495 X509_CRL_METHOD *m; |
| 496 m = OPENSSL_malloc(sizeof(X509_CRL_METHOD)); |
| 497 if (!m) |
| 498 return NULL; |
| 499 m->crl_init = crl_init; |
| 500 m->crl_free = crl_free; |
| 501 m->crl_lookup = crl_lookup; |
| 502 m->crl_verify = crl_verify; |
| 503 m->flags = X509_CRL_METHOD_DYNAMIC; |
| 504 return m; |
| 505 } |
| 506 |
| 507 void X509_CRL_METHOD_free(X509_CRL_METHOD *m) |
| 508 { |
| 509 if (!(m->flags & X509_CRL_METHOD_DYNAMIC)) |
| 510 return; |
| 511 OPENSSL_free(m); |
| 512 } |
| 513 |
| 514 void X509_CRL_set_meth_data(X509_CRL *crl, void *dat) |
| 515 { |
| 516 crl->meth_data = dat; |
| 517 } |
| 518 |
| 519 void *X509_CRL_get_meth_data(X509_CRL *crl) |
| 520 { |
| 521 return crl->meth_data; |
| 522 } |
| 523 |
137 IMPLEMENT_STACK_OF(X509_REVOKED) | 524 IMPLEMENT_STACK_OF(X509_REVOKED) |
138 IMPLEMENT_ASN1_SET_OF(X509_REVOKED) | 525 IMPLEMENT_ASN1_SET_OF(X509_REVOKED) |
139 IMPLEMENT_STACK_OF(X509_CRL) | 526 IMPLEMENT_STACK_OF(X509_CRL) |
140 IMPLEMENT_ASN1_SET_OF(X509_CRL) | 527 IMPLEMENT_ASN1_SET_OF(X509_CRL) |
OLD | NEW |