1 /* crypto/asn1/x_crl.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 #include "cryptlib.h" 61 #include <openssl/asn1t.h> 62 #include <openssl/x509.h> 63 64 static int X509_REVOKED_cmp(const X509_REVOKED * const *a, 65 const X509_REVOKED * const *b); 66 static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, 67 const X509_REVOKED * const *b); 68 69 ASN1_SEQUENCE(X509_REVOKED) = { 70 ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), 71 ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), 72 ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) 73 } ASN1_SEQUENCE_END(X509_REVOKED) 74 75 /* The X509_CRL_INFO structure needs a bit of customisation. This is actually 76 * mirroring the old behaviour: its purpose is to allow the use of 77 * sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately 78 * this will zap the original order and the signature so we keep a copy 79 * of the original positions and reorder appropriately before encoding. 80 * 81 * Might want to see if there's a better way of doing this later... 82 */ 83 static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) 84 { 85 X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; 86 int i; 87 int (*old_cmp)(const X509_REVOKED * const *, 88 const X509_REVOKED * const *); 89 90 if(!a || !a->revoked) return 1; 91 switch(operation) { 92 93 /* Save original order */ 94 case ASN1_OP_D2I_POST: 95 for (i=0; i<sk_X509_REVOKED_num(a->revoked); i++) 96 sk_X509_REVOKED_value(a->revoked,i)->sequence=i; 97 sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); 98 break; 99 100 /* Restore original order */ 101 case ASN1_OP_I2D_PRE: 102 old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp); 103 sk_X509_REVOKED_sort(a->revoked); 104 sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp); 105 break; 106 } 107 return 1; 108 } 109 110 111 ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = { 112 ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), 113 ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), 114 ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), 115 ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), 116 ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), 117 ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), 118 ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) 119 } ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO) 120 121 ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { 122 ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), 123 ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), 124 ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) 125 } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) 126 127 IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) 128 IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) 129 IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) 130 IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) 131 132 static int X509_REVOKED_cmp(const X509_REVOKED * const *a, 133 const X509_REVOKED * const *b) 134 { 135 return(ASN1_STRING_cmp( 136 (ASN1_STRING *)(*a)->serialNumber, 137 (ASN1_STRING *)(*b)->serialNumber)); 138 } 139 140 static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, 141 const X509_REVOKED * const *b) 142 { 143 return((*a)->sequence-(*b)->sequence); 144 } 145 146 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) 147 { 148 X509_CRL_INFO *inf; 149 inf = crl->crl; 150 if(!inf->revoked) 151 inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); 152 if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { 153 ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); 154 return 0; 155 } 156 return 1; 157 } 158 159 IMPLEMENT_STACK_OF(X509_REVOKED) 160 IMPLEMENT_ASN1_SET_OF(X509_REVOKED) 161 IMPLEMENT_STACK_OF(X509_CRL) 162 IMPLEMENT_ASN1_SET_OF(X509_CRL) 163