71 * Method to handle CRL access. In general a CRL could be very large (several
73 * multiple processes. This method allows general CRL operations to be
74 * redirected to more efficient callbacks: for example a CRL entry database.
81 int (*crl_init) (X509_CRL *crl);
82 int (*crl_free) (X509_CRL *crl);
83 int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
85 int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
89 static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
97 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
98 static int def_crl_lookup(X509_CRL *crl,
147 * Set CRL entry issuer according to CRL certificate issuer extension. Check
148 * for unhandled critical CRL entry extensions.
151 static int crl_set_issuers(X509_CRL *crl)
159 revoked = X509_CRL_get_REVOKED(crl);
170 crl->flags |= EXFLAG_INVALID;
176 if (!crl->issuers) {
177 crl->issuers = sk_GENERAL_NAMES_new_null();
178 if (!crl->issuers)
181 if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
188 crl->flags |= EXFLAG_INVALID;
198 /* Check for critical CRL entry extensions */
207 crl->flags |= EXFLAG_CRITICAL;
220 * and hash of the whole CRL.
225 X509_CRL *crl = (X509_CRL *)*pval;
232 crl->idp = NULL;
233 crl->akid = NULL;
234 crl->flags = 0;
235 crl->idp_flags = 0;
236 crl->idp_reasons = CRLDP_ALL_REASONS;
237 crl->meth = default_crl_method;
238 crl->meth_data = NULL;
239 crl->issuers = NULL;
240 crl->crl_number = NULL;
241 crl->base_crl_number = NULL;
245 X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
246 crl->idp = X509_CRL_get_ext_d2i(crl,
249 if (crl->idp)
250 setup_idp(crl, crl->idp);
252 crl->akid = X509_CRL_get_ext_d2i(crl,
256 crl->crl_number = X509_CRL_get_ext_d2i(crl,
259 crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
262 /* Delta CRLs must have CRL number */
263 if (crl->base_crl_number && !crl->crl_number)
264 crl->flags |= EXFLAG_INVALID;
267 * See if we have any unhandled critical CRL extensions and indicate
273 exts = crl->crl->extensions;
280 crl->flags |= EXFLAG_FRESHEST;
287 crl->flags |= EXFLAG_CRITICAL;
292 if (!crl_set_issuers(crl))
295 if (crl->meth->crl_init) {
296 if (crl->meth->crl_init(crl) == 0)
302 /* |crl->meth| may be NULL if constructing the object failed before
304 if (crl->meth && crl->meth->crl_free) {
305 if (!crl->meth->crl_free(crl))
308 if (crl->akid)
309 AUTHORITY_KEYID_free(crl->akid);
310 if (crl->idp)
311 ISSUING_DIST_POINT_free(crl->idp);
312 ASN1_INTEGER_free(crl->crl_number);
313 ASN1_INTEGER_free(crl->base_crl_number);
314 sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
322 static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
326 crl->idp_flags |= IDP_PRESENT;
329 crl->idp_flags |= IDP_ONLYUSER;
333 crl->idp_flags |= IDP_ONLYCA;
337 crl->idp_flags |= IDP_ONLYATTR;
341 crl->idp_flags |= IDP_INVALID;
344 crl->idp_flags |= IDP_INDIRECT;
347 crl->idp_flags |= IDP_REASONS;
349 crl->idp_reasons = idp->onlysomereasons->data[0];
351 crl->idp_reasons |= (idp->onlysomereasons->data[1] << 8);
352 crl->idp_reasons &= CRLDP_ALL_REASONS;
355 DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
359 ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
378 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
381 inf = crl->crl;
392 int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
394 if (crl->meth->crl_verify)
395 return crl->meth->crl_verify(crl, r);
399 int X509_CRL_get0_by_serial(X509_CRL *crl,
402 if (crl->meth->crl_lookup)
403 return crl->meth->crl_lookup(crl, ret, serial, NULL);
407 int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
409 if (crl->meth->crl_lookup)
410 return crl->meth->crl_lookup(crl, ret,
416 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
419 crl->sig_alg, crl->signature, crl->crl, r));
422 static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
430 if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
436 nm = X509_CRL_get_issuer(crl);
451 static int def_crl_lookup(X509_CRL *crl,
464 const int is_sorted = sk_X509_REVOKED_is_sorted(crl->crl->revoked);
469 if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) {
470 sk_X509_REVOKED_sort(crl->crl->revoked);
475 if (!sk_X509_REVOKED_find(crl->crl->revoked, &idx, &rtmp))
478 for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
479 rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
482 crl, issuer, rev)) {
501 X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
502 int (*crl_free) (X509_CRL *crl),
503 int (*crl_lookup) (X509_CRL *crl,
507 int (*crl_verify) (X509_CRL *crl,
529 void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
531 crl->meth_data = dat;
534 void *X509_CRL_get_meth_data(X509_CRL *crl)
536 return crl->meth_data;