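/* crypto/asn1/x_crl.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>

static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
                            const X509_REVOKED *const *b);

/*
 * ASN.1 template for one revoked-certificate entry: a serial number, a
 * revocation date and an optional SEQUENCE OF per-entry extensions.
 */
ASN1_SEQUENCE(X509_REVOKED) = {
        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
} ASN1_SEQUENCE_END(X509_REVOKED)

/*
 * The X509_CRL_INFO structure needs a bit of customisation. Since we cache
 * the original encoding the signature won't be affected by reordering of the
 * revoked field.
 *
 * ASN.1 callback for X509_CRL_INFO. Only ASN1_OP_D2I_POST is acted on; every
 * other operation, a NULL structure, or a structure without a revoked list
 * is a no-op. The function returns 1 on every path.
 */
static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
{
    X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;

    if (!a || !a->revoked)
        return 1;
    switch (operation) {
        /*
         * Just set cmp function here. We don't sort because that would
         * affect the output of X509_CRL_print().
         *
         * Consequence for readers of this list: after decoding, the revoked
         * stack is still in the order it had on the wire, so code that needs
         * serial-number order has to sort it itself.
         */
    case ASN1_OP_D2I_POST:
        (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
        break;
    default:
        break;
    }
    return 1;
}


/*
 * ASN.1 template for the to-be-signed part of a CRL. It is declared with
 * ASN1_SEQUENCE_enc so the encoding is cached in the `enc` member, and
 * crl_inf_cb is attached as its callback. version and nextUpdate are
 * optional, revoked is an optional SEQUENCE OF X509_REVOKED, and extensions
 * is an optional SEQUENCE OF under explicit tag 0.
 */
ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
        ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
        ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
        ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
        ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
        ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
        ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)

/*
 * ASN.1 template for the complete CRL: the X509_CRL_INFO body, the signature
 * algorithm and the signature bit string.
 *
 * NOTE(review): sig_alg appears both here and inside X509_CRL_INFO. Nothing
 * in this file compares the two values; confirm that the code verifying a
 * CRL signature checks that they agree.
 */
ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
        ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
        ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
        ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)

IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)

IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)

IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)

IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)

/*
 * Comparison function for the revoked stack: orders two entries by the
 * result of ASN1_STRING_cmp() on their serialNumber fields. revocationDate
 * and extensions take no part in the comparison, so two entries with the
 * same serial number compare equal whatever else they contain.
 */
static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
                            const X509_REVOKED *const *b)
{
    return (ASN1_STRING_cmp((ASN1_STRING *)(*a)->serialNumber,
                            (ASN1_STRING *)(*b)->serialNumber));
}

/*
 * Append rev to the revoked list of crl, creating the list (with
 * X509_REVOKED_cmp as its comparison function) on first use.
 *
 * The pointer is pushed as is and no copy is made here, so after a
 * successful call the entry is reachable through the CRL and the caller
 * should no longer free it separately. On failure rev has not been stored.
 *
 * A successful call sets enc.modified on the X509_CRL_INFO, marking the
 * cached encoding as stale. The signature field is not touched, so a
 * signature made over the previous content presumably no longer matches and
 * the CRL has to be signed again before it is published.
 *
 * Returns 1 on success. Returns 0 with an ASN1 error queued when an argument
 * is NULL (ERR_R_PASSED_NULL_PARAMETER) or when the stack cannot be created
 * or grown (ERR_R_MALLOC_FAILURE).
 */
int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
{
    X509_CRL_INFO *inf;

    /*
     * Reject NULL arguments up front: a NULL crl or crl->crl would be
     * dereferenced below, and a NULL rev would be pushed onto the stack
     * where X509_REVOKED_cmp() would later dereference it.
     */
    if (crl == NULL || crl->crl == NULL || rev == NULL) {
        ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    inf = crl->crl;
    if (!inf->revoked)
        inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
    if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
        ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    inf->enc.modified = 1;
    return 1;
}

IMPLEMENT_STACK_OF(X509_REVOKED)

IMPLEMENT_ASN1_SET_OF(X509_REVOKED)

IMPLEMENT_STACK_OF(X509_CRL)

IMPLEMENT_ASN1_SET_OF(X509_CRL)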