Branch data Line data Source code
1 : : /* crypto/asn1/x_crl.c */
2 : : /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 : : * All rights reserved.
4 : : *
5 : : * This package is an SSL implementation written
6 : : * by Eric Young (eay@cryptsoft.com).
7 : : * The implementation was written so as to conform with Netscapes SSL.
8 : : *
9 : : * This library is free for commercial and non-commercial use as long as
10 : : * the following conditions are aheared to. The following conditions
11 : : * apply to all code found in this distribution, be it the RC4, RSA,
12 : : * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 : : * included with this distribution is covered by the same copyright terms
14 : : * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 : : *
16 : : * Copyright remains Eric Young's, and as such any Copyright notices in
17 : : * the code are not to be removed.
18 : : * If this package is used in a product, Eric Young should be given attribution
19 : : * as the author of the parts of the library used.
20 : : * This can be in the form of a textual message at program startup or
21 : : * in documentation (online or textual) provided with the package.
22 : : *
23 : : * Redistribution and use in source and binary forms, with or without
24 : : * modification, are permitted provided that the following conditions
25 : : * are met:
26 : : * 1. Redistributions of source code must retain the copyright
27 : : * notice, this list of conditions and the following disclaimer.
28 : : * 2. Redistributions in binary form must reproduce the above copyright
29 : : * notice, this list of conditions and the following disclaimer in the
30 : : * documentation and/or other materials provided with the distribution.
31 : : * 3. All advertising materials mentioning features or use of this software
32 : : * must display the following acknowledgement:
33 : : * "This product includes cryptographic software written by
34 : : * Eric Young (eay@cryptsoft.com)"
35 : : * The word 'cryptographic' can be left out if the rouines from the library
36 : : * being used are not cryptographic related :-).
37 : : * 4. If you include any Windows specific code (or a derivative thereof) from
38 : : * the apps directory (application code) you must include an acknowledgement:
39 : : * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 : : *
41 : : * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 : : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 : : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 : : * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 : : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 : : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 : : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 : : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 : : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 : : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 : : * SUCH DAMAGE.
52 : : *
53 : : * The licence and distribution terms for any publically available version or
54 : : * derivative of this code cannot be changed. i.e. this code cannot simply be
55 : : * copied and put under another distribution licence
56 : : * [including the GNU Public Licence.]
57 : : */
58 : :
59 : : #include <stdio.h>
60 : : #include "cryptlib.h"
61 : : #include <openssl/asn1t.h>
62 : : #include "asn1_locl.h"
63 : : #include <openssl/x509.h>
64 : : #include <openssl/x509v3.h>
65 : :
66 : : static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
67 : : const X509_REVOKED * const *b);
68 : : static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
69 : :
70 : : ASN1_SEQUENCE(X509_REVOKED) = {
71 : : ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
72 : : ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
73 : : ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
74 : : } ASN1_SEQUENCE_END(X509_REVOKED)
75 : :
76 : : static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
77 : : static int def_crl_lookup(X509_CRL *crl,
78 : : X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer);
79 : :
80 : : static X509_CRL_METHOD int_crl_meth =
81 : : {
82 : : 0,
83 : : 0,0,
84 : : def_crl_lookup,
85 : : def_crl_verify
86 : : };
87 : :
88 : : static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
89 : :
90 : : /* The X509_CRL_INFO structure needs a bit of customisation.
91 : : * Since we cache the original encoding the signature wont be affected by
92 : : * reordering of the revoked field.
93 : : */
94 : 108 : static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
95 : : void *exarg)
96 : : {
97 : 108 : X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
98 : :
99 [ + + ][ + + ]: 108 : if(!a || !a->revoked) return 1;
100 [ + + ]: 12 : switch(operation) {
101 : : /* Just set cmp function here. We don't sort because that
102 : : * would affect the output of X509_CRL_print().
103 : : */
104 : : case ASN1_OP_D2I_POST:
105 : 6 : (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
106 : 6 : break;
107 : : }
108 : : return 1;
109 : : }
110 : :
111 : :
112 : : ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
113 : : ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
114 : : ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
115 : : ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
116 : : ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
117 : : ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
118 : : ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
119 : : ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
120 : : } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
121 : :
122 : : /* Set CRL entry issuer according to CRL certificate issuer extension.
123 : : * Check for unhandled critical CRL entry extensions.
124 : : */
125 : :
126 : 18 : static int crl_set_issuers(X509_CRL *crl)
127 : : {
128 : :
129 : : int i, j;
130 : : GENERAL_NAMES *gens, *gtmp;
131 : : STACK_OF(X509_REVOKED) *revoked;
132 : :
133 : 18 : revoked = X509_CRL_get_REVOKED(crl);
134 : :
135 : 18 : gens = NULL;
136 [ + + ]: 108 : for (i = 0; i < sk_X509_REVOKED_num(revoked); i++)
137 : : {
138 : 90 : X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
139 : : STACK_OF(X509_EXTENSION) *exts;
140 : : ASN1_ENUMERATED *reason;
141 : : X509_EXTENSION *ext;
142 : 90 : gtmp = X509_REVOKED_get_ext_d2i(rev,
143 : : NID_certificate_issuer,
144 : : &j, NULL);
145 [ + - ][ - + ]: 90 : if (!gtmp && (j != -1))
146 : : {
147 : 0 : crl->flags |= EXFLAG_INVALID;
148 : 0 : return 1;
149 : : }
150 : :
151 [ - + ]: 90 : if (gtmp)
152 : : {
153 : 0 : gens = gtmp;
154 [ # # ]: 0 : if (!crl->issuers)
155 : : {
156 : 0 : crl->issuers = sk_GENERAL_NAMES_new_null();
157 [ # # ]: 0 : if (!crl->issuers)
158 : : return 0;
159 : : }
160 [ # # ]: 0 : if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
161 : : return 0;
162 : : }
163 : 90 : rev->issuer = gens;
164 : :
165 : 90 : reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason,
166 : : &j, NULL);
167 [ + - ][ - + ]: 90 : if (!reason && (j != -1))
168 : : {
169 : 0 : crl->flags |= EXFLAG_INVALID;
170 : 0 : return 1;
171 : : }
172 : :
173 [ - + ]: 90 : if (reason)
174 : : {
175 : 0 : rev->reason = ASN1_ENUMERATED_get(reason);
176 : 0 : ASN1_ENUMERATED_free(reason);
177 : : }
178 : : else
179 : 90 : rev->reason = CRL_REASON_NONE;
180 : :
181 : : /* Check for critical CRL entry extensions */
182 : :
183 : 90 : exts = rev->extensions;
184 : :
185 [ - + ]: 90 : for (j = 0; j < sk_X509_EXTENSION_num(exts); j++)
186 : : {
187 : 0 : ext = sk_X509_EXTENSION_value(exts, j);
188 [ # # ]: 0 : if (ext->critical > 0)
189 : : {
190 [ # # ]: 0 : if (OBJ_obj2nid(ext->object) ==
191 : : NID_certificate_issuer)
192 : 0 : continue;
193 : 0 : crl->flags |= EXFLAG_CRITICAL;
194 : 0 : break;
195 : : }
196 : : }
197 : :
198 : :
199 : : }
200 : :
201 : : return 1;
202 : :
203 : : }
204 : :
205 : : /* The X509_CRL structure needs a bit of customisation. Cache some extensions
206 : : * and hash of the whole CRL.
207 : : */
208 : 264 : static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
209 : : void *exarg)
210 : : {
211 : 264 : X509_CRL *crl = (X509_CRL *)*pval;
212 : : STACK_OF(X509_EXTENSION) *exts;
213 : : X509_EXTENSION *ext;
214 : : int idx;
215 : :
216 [ + + + + ]: 264 : switch(operation)
217 : : {
218 : : case ASN1_OP_NEW_POST:
219 : 18 : crl->idp = NULL;
220 : 18 : crl->akid = NULL;
221 : 18 : crl->flags = 0;
222 : 18 : crl->idp_flags = 0;
223 : 18 : crl->idp_reasons = CRLDP_ALL_REASONS;
224 : 18 : crl->meth = default_crl_method;
225 : 18 : crl->meth_data = NULL;
226 : 18 : crl->issuers = NULL;
227 : 18 : crl->crl_number = NULL;
228 : 18 : crl->base_crl_number = NULL;
229 : 18 : break;
230 : :
231 : : case ASN1_OP_D2I_POST:
232 : : #ifndef OPENSSL_NO_SHA
233 : 18 : X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
234 : : #endif
235 : 18 : crl->idp = X509_CRL_get_ext_d2i(crl,
236 : : NID_issuing_distribution_point, NULL, NULL);
237 [ - + ]: 18 : if (crl->idp)
238 : 0 : setup_idp(crl, crl->idp);
239 : :
240 : 18 : crl->akid = X509_CRL_get_ext_d2i(crl,
241 : : NID_authority_key_identifier, NULL, NULL);
242 : :
243 : 18 : crl->crl_number = X509_CRL_get_ext_d2i(crl,
244 : : NID_crl_number, NULL, NULL);
245 : :
246 : 18 : crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
247 : : NID_delta_crl, NULL, NULL);
248 : : /* Delta CRLs must have CRL number */
249 [ - + ][ # # ]: 18 : if (crl->base_crl_number && !crl->crl_number)
250 : 0 : crl->flags |= EXFLAG_INVALID;
251 : :
252 : : /* See if we have any unhandled critical CRL extensions and
253 : : * indicate this in a flag. We only currently handle IDP so
254 : : * anything else critical sets the flag.
255 : : *
256 : : * This code accesses the X509_CRL structure directly:
257 : : * applications shouldn't do this.
258 : : */
259 : :
260 : 18 : exts = crl->crl->extensions;
261 : :
262 [ - + ]: 18 : for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
263 : : {
264 : : int nid;
265 : 0 : ext = sk_X509_EXTENSION_value(exts, idx);
266 : 0 : nid = OBJ_obj2nid(ext->object);
267 [ # # ]: 0 : if (nid == NID_freshest_crl)
268 : 0 : crl->flags |= EXFLAG_FRESHEST;
269 [ # # ]: 0 : if (ext->critical > 0)
270 : : {
271 : : /* We handle IDP and deltas */
272 [ # # ]: 0 : if ((nid == NID_issuing_distribution_point)
273 : 0 : || (nid == NID_authority_key_identifier)
274 [ # # ]: 0 : || (nid == NID_delta_crl))
275 : : break;;
276 : 0 : crl->flags |= EXFLAG_CRITICAL;
277 : 0 : break;
278 : : }
279 : : }
280 : :
281 : :
282 [ + - ]: 18 : if (!crl_set_issuers(crl))
283 : : return 0;
284 : :
285 [ - + ]: 18 : if (crl->meth->crl_init)
286 : : {
287 [ # # ]: 0 : if (crl->meth->crl_init(crl) == 0)
288 : : return 0;
289 : : }
290 : : break;
291 : :
292 : : case ASN1_OP_FREE_POST:
293 [ - + ]: 18 : if (crl->meth->crl_free)
294 : : {
295 [ # # ]: 0 : if (!crl->meth->crl_free(crl))
296 : : return 0;
297 : : }
298 [ - + ]: 18 : if (crl->akid)
299 : 0 : AUTHORITY_KEYID_free(crl->akid);
300 [ - + ]: 18 : if (crl->idp)
301 : 0 : ISSUING_DIST_POINT_free(crl->idp);
302 : 18 : ASN1_INTEGER_free(crl->crl_number);
303 : 18 : ASN1_INTEGER_free(crl->base_crl_number);
304 : 18 : sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
305 : 18 : break;
306 : : }
307 : : return 1;
308 : : }
309 : :
310 : : /* Convert IDP into a more convenient form */
311 : :
312 : 0 : static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
313 : : {
314 : 0 : int idp_only = 0;
315 : : /* Set various flags according to IDP */
316 : 0 : crl->idp_flags |= IDP_PRESENT;
317 [ # # ]: 0 : if (idp->onlyuser > 0)
318 : : {
319 : 0 : idp_only++;
320 : 0 : crl->idp_flags |= IDP_ONLYUSER;
321 : : }
322 [ # # ]: 0 : if (idp->onlyCA > 0)
323 : : {
324 : 0 : idp_only++;
325 : 0 : crl->idp_flags |= IDP_ONLYCA;
326 : : }
327 [ # # ]: 0 : if (idp->onlyattr > 0)
328 : : {
329 : 0 : idp_only++;
330 : 0 : crl->idp_flags |= IDP_ONLYATTR;
331 : : }
332 : :
333 [ # # ]: 0 : if (idp_only > 1)
334 : 0 : crl->idp_flags |= IDP_INVALID;
335 : :
336 [ # # ]: 0 : if (idp->indirectCRL > 0)
337 : 0 : crl->idp_flags |= IDP_INDIRECT;
338 : :
339 [ # # ]: 0 : if (idp->onlysomereasons)
340 : : {
341 : 0 : crl->idp_flags |= IDP_REASONS;
342 [ # # ]: 0 : if (idp->onlysomereasons->length > 0)
343 : 0 : crl->idp_reasons = idp->onlysomereasons->data[0];
344 [ # # ]: 0 : if (idp->onlysomereasons->length > 1)
345 : 0 : crl->idp_reasons |=
346 : 0 : (idp->onlysomereasons->data[1] << 8);
347 : 0 : crl->idp_reasons &= CRLDP_ALL_REASONS;
348 : : }
349 : :
350 : 0 : DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
351 : 0 : }
352 : :
353 : : ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
354 : : ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
355 : : ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
356 : : ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
357 : : } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
358 : :
359 : 0 : IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
360 : 0 : IMPLEMENT_ASN1_DUP_FUNCTION(X509_REVOKED)
361 : 0 : IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
362 : 36 : IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
363 : 0 : IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
364 : :
365 : 0 : static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
366 : : const X509_REVOKED * const *b)
367 : : {
368 : 0 : return(ASN1_STRING_cmp(
369 : 0 : (ASN1_STRING *)(*a)->serialNumber,
370 : 0 : (ASN1_STRING *)(*b)->serialNumber));
371 : : }
372 : :
373 : 0 : int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
374 : : {
375 : : X509_CRL_INFO *inf;
376 : 0 : inf = crl->crl;
377 [ # # ]: 0 : if(!inf->revoked)
378 : 0 : inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
379 [ # # ][ # # ]: 0 : if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
380 : 0 : ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
381 : 0 : return 0;
382 : : }
383 : 0 : inf->enc.modified = 1;
384 : 0 : return 1;
385 : : }
386 : :
387 : 0 : int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
388 : : {
389 [ # # ]: 0 : if (crl->meth->crl_verify)
390 : 0 : return crl->meth->crl_verify(crl, r);
391 : : return 0;
392 : : }
393 : :
394 : 0 : int X509_CRL_get0_by_serial(X509_CRL *crl,
395 : : X509_REVOKED **ret, ASN1_INTEGER *serial)
396 : : {
397 [ # # ]: 0 : if (crl->meth->crl_lookup)
398 : 0 : return crl->meth->crl_lookup(crl, ret, serial, NULL);
399 : : return 0;
400 : : }
401 : :
402 : 0 : int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
403 : : {
404 [ # # ]: 0 : if (crl->meth->crl_lookup)
405 : 0 : return crl->meth->crl_lookup(crl, ret,
406 : : X509_get_serialNumber(x),
407 : : X509_get_issuer_name(x));
408 : : return 0;
409 : : }
410 : :
411 : 0 : static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
412 : : {
413 : 0 : return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
414 : 0 : crl->sig_alg, crl->signature,crl->crl,r));
415 : : }
416 : :
417 : 0 : static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
418 : : X509_REVOKED *rev)
419 : : {
420 : : int i;
421 : :
422 [ # # ]: 0 : if (!rev->issuer)
423 : : {
424 [ # # ]: 0 : if (!nm)
425 : : return 1;
426 [ # # ]: 0 : if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
427 : : return 1;
428 : : return 0;
429 : : }
430 : :
431 [ # # ]: 0 : if (!nm)
432 : 0 : nm = X509_CRL_get_issuer(crl);
433 : :
434 [ # # ]: 0 : for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++)
435 : : {
436 : 0 : GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
437 [ # # ]: 0 : if (gen->type != GEN_DIRNAME)
438 : 0 : continue;
439 [ # # ]: 0 : if (!X509_NAME_cmp(nm, gen->d.directoryName))
440 : : return 1;
441 : : }
442 : : return 0;
443 : :
444 : : }
445 : :
446 : 0 : static int def_crl_lookup(X509_CRL *crl,
447 : : X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer)
448 : : {
449 : : X509_REVOKED rtmp, *rev;
450 : : int idx;
451 : 0 : rtmp.serialNumber = serial;
452 : : /* Sort revoked into serial number order if not already sorted.
453 : : * Do this under a lock to avoid race condition.
454 : : */
455 [ # # ]: 0 : if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
456 : : {
457 : 0 : CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
458 : 0 : sk_X509_REVOKED_sort(crl->crl->revoked);
459 : 0 : CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
460 : : }
461 : 0 : idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
462 [ # # ]: 0 : if(idx < 0)
463 : : return 0;
464 : : /* Need to look for matching name */
465 [ # # ]: 0 : for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++)
466 : : {
467 : 0 : rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
468 [ # # ]: 0 : if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
469 : : return 0;
470 [ # # ]: 0 : if (crl_revoked_issuer_match(crl, issuer, rev))
471 : : {
472 [ # # ]: 0 : if (ret)
473 : 0 : *ret = rev;
474 [ # # ]: 0 : if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
475 : : return 2;
476 : 0 : return 1;
477 : : }
478 : : }
479 : : return 0;
480 : : }
481 : :
482 : 0 : void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
483 : : {
484 [ # # ]: 0 : if (meth == NULL)
485 : 0 : default_crl_method = &int_crl_meth;
486 : : else
487 : 0 : default_crl_method = meth;
488 : 0 : }
489 : :
490 : 0 : X509_CRL_METHOD *X509_CRL_METHOD_new(
491 : : int (*crl_init)(X509_CRL *crl),
492 : : int (*crl_free)(X509_CRL *crl),
493 : : int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
494 : : ASN1_INTEGER *ser, X509_NAME *issuer),
495 : : int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
496 : : {
497 : : X509_CRL_METHOD *m;
498 : 0 : m = OPENSSL_malloc(sizeof(X509_CRL_METHOD));
499 [ # # ]: 0 : if (!m)
500 : : return NULL;
501 : 0 : m->crl_init = crl_init;
502 : 0 : m->crl_free = crl_free;
503 : 0 : m->crl_lookup = crl_lookup;
504 : 0 : m->crl_verify = crl_verify;
505 : 0 : m->flags = X509_CRL_METHOD_DYNAMIC;
506 : 0 : return m;
507 : : }
508 : :
509 : 0 : void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
510 : : {
511 [ # # ]: 0 : if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
512 : 0 : return;
513 : 0 : OPENSSL_free(m);
514 : : }
515 : :
516 : 0 : void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
517 : : {
518 : 0 : crl->meth_data = dat;
519 : 0 : }
520 : :
521 : 0 : void *X509_CRL_get_meth_data(X509_CRL *crl)
522 : : {
523 : 0 : return crl->meth_data;
524 : : }
525 : :
526 : : IMPLEMENT_STACK_OF(X509_REVOKED)
527 : : IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
528 : : IMPLEMENT_STACK_OF(X509_CRL)
529 : : IMPLEMENT_ASN1_SET_OF(X509_CRL)
|
