summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1/x_crl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/asn1/x_crl.c')
-rw-r--r--src/lib/libcrypto/asn1/x_crl.c702
1 files changed, 0 insertions, 702 deletions
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
deleted file mode 100644
index 7ad8350f3d..0000000000
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ /dev/null
@@ -1,702 +0,0 @@
1/* $OpenBSD: x_crl.c,v 1.48 2025/02/27 20:13:41 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#include <openssl/asn1t.h>
64#include <openssl/err.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68#include "asn1_local.h"
69#include "x509_local.h"
70
71static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
72
73static const ASN1_TEMPLATE X509_REVOKED_seq_tt[] = {
74 {
75 .offset = offsetof(X509_REVOKED, serialNumber),
76 .field_name = "serialNumber",
77 .item = &ASN1_INTEGER_it,
78 },
79 {
80 .offset = offsetof(X509_REVOKED, revocationDate),
81 .field_name = "revocationDate",
82 .item = &ASN1_TIME_it,
83 },
84 {
85 .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
86 .offset = offsetof(X509_REVOKED, extensions),
87 .field_name = "extensions",
88 .item = &X509_EXTENSION_it,
89 },
90};
91
92const ASN1_ITEM X509_REVOKED_it = {
93 .itype = ASN1_ITYPE_SEQUENCE,
94 .utype = V_ASN1_SEQUENCE,
95 .templates = X509_REVOKED_seq_tt,
96 .tcount = sizeof(X509_REVOKED_seq_tt) / sizeof(ASN1_TEMPLATE),
97 .size = sizeof(X509_REVOKED),
98 .sname = "X509_REVOKED",
99};
100LCRYPTO_ALIAS(X509_REVOKED_it);
101
102static int
103X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
104{
105 return ASN1_INTEGER_cmp((*a)->serialNumber, (*b)->serialNumber);
106}
107
108/* The X509_CRL_INFO structure needs a bit of customisation.
109 * Since we cache the original encoding the signature wont be affected by
110 * reordering of the revoked field.
111 */
112static int
113crl_info_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
114{
115 X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
116
117 if (!a || !a->revoked)
118 return 1;
119 switch (operation) {
120 /* Just set cmp function here. We don't sort because that
121 * would affect the output of X509_CRL_print().
122 */
123 case ASN1_OP_D2I_POST:
124 (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
125 break;
126 }
127 return 1;
128}
129
130
131static const ASN1_AUX X509_CRL_INFO_aux = {
132 .flags = ASN1_AFLG_ENCODING,
133 .asn1_cb = crl_info_cb,
134 .enc_offset = offsetof(X509_CRL_INFO, enc),
135};
136static const ASN1_TEMPLATE X509_CRL_INFO_seq_tt[] = {
137 {
138 .flags = ASN1_TFLG_OPTIONAL,
139 .offset = offsetof(X509_CRL_INFO, version),
140 .field_name = "version",
141 .item = &ASN1_INTEGER_it,
142 },
143 {
144 .offset = offsetof(X509_CRL_INFO, sig_alg),
145 .field_name = "sig_alg",
146 .item = &X509_ALGOR_it,
147 },
148 {
149 .offset = offsetof(X509_CRL_INFO, issuer),
150 .field_name = "issuer",
151 .item = &X509_NAME_it,
152 },
153 {
154 .offset = offsetof(X509_CRL_INFO, lastUpdate),
155 .field_name = "lastUpdate",
156 .item = &ASN1_TIME_it,
157 },
158 {
159 .flags = ASN1_TFLG_OPTIONAL,
160 .offset = offsetof(X509_CRL_INFO, nextUpdate),
161 .field_name = "nextUpdate",
162 .item = &ASN1_TIME_it,
163 },
164 {
165 .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
166 .offset = offsetof(X509_CRL_INFO, revoked),
167 .field_name = "revoked",
168 .item = &X509_REVOKED_it,
169 },
170 {
171 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
172 .offset = offsetof(X509_CRL_INFO, extensions),
173 .field_name = "extensions",
174 .item = &X509_EXTENSION_it,
175 },
176};
177
178const ASN1_ITEM X509_CRL_INFO_it = {
179 .itype = ASN1_ITYPE_SEQUENCE,
180 .utype = V_ASN1_SEQUENCE,
181 .templates = X509_CRL_INFO_seq_tt,
182 .tcount = sizeof(X509_CRL_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
183 .funcs = &X509_CRL_INFO_aux,
184 .size = sizeof(X509_CRL_INFO),
185 .sname = "X509_CRL_INFO",
186};
187LCRYPTO_ALIAS(X509_CRL_INFO_it);
188
189/* Set CRL entry issuer according to CRL certificate issuer extension.
190 * Check for unhandled critical CRL entry extensions.
191 */
192
193static int
194crl_set_issuers(X509_CRL *crl)
195{
196 int i, j;
197 GENERAL_NAMES *gens, *gtmp;
198 STACK_OF(X509_REVOKED) *revoked;
199
200 revoked = X509_CRL_get_REVOKED(crl);
201
202 gens = NULL;
203 for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) {
204 X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
205 STACK_OF(X509_EXTENSION) *exts;
206 ASN1_ENUMERATED *reason;
207 X509_EXTENSION *ext;
208 gtmp = X509_REVOKED_get_ext_d2i(rev, NID_certificate_issuer,
209 &j, NULL);
210 if (!gtmp && (j != -1)) {
211 crl->flags |= EXFLAG_INVALID;
212 return 1;
213 }
214
215 if (gtmp) {
216 gens = gtmp;
217 if (!crl->issuers) {
218 crl->issuers = sk_GENERAL_NAMES_new_null();
219 if (!crl->issuers)
220 return 0;
221 }
222 if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
223 return 0;
224 }
225 rev->issuer = gens;
226
227 reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason,
228 &j, NULL);
229 if (!reason && (j != -1)) {
230 crl->flags |= EXFLAG_INVALID;
231 return 1;
232 }
233
234 if (reason) {
235 rev->reason = ASN1_ENUMERATED_get(reason);
236 ASN1_ENUMERATED_free(reason);
237 } else
238 rev->reason = CRL_REASON_NONE;
239
240 /* Check for critical CRL entry extensions */
241
242 exts = rev->extensions;
243
244 for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) {
245 ext = sk_X509_EXTENSION_value(exts, j);
246 if (ext->critical > 0) {
247 if (OBJ_obj2nid(ext->object) ==
248 NID_certificate_issuer)
249 continue;
250 crl->flags |= EXFLAG_CRITICAL;
251 break;
252 }
253 }
254 }
255
256 return 1;
257}
258
259/* The X509_CRL structure needs a bit of customisation. Cache some extensions
260 * and hash of the whole CRL.
261 */
262static int
263crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
264{
265 X509_CRL *crl = (X509_CRL *)*pval;
266 STACK_OF(X509_EXTENSION) *exts;
267 X509_EXTENSION *ext;
268 int idx;
269 int rc = 1;
270
271 switch (operation) {
272 case ASN1_OP_NEW_POST:
273 crl->idp = NULL;
274 crl->akid = NULL;
275 crl->flags = 0;
276 crl->idp_flags = 0;
277 crl->idp_reasons = CRLDP_ALL_REASONS;
278 crl->issuers = NULL;
279 crl->crl_number = NULL;
280 crl->base_crl_number = NULL;
281 break;
282
283 case ASN1_OP_D2I_POST:
284 X509_CRL_digest(crl, X509_CRL_HASH_EVP, crl->hash, NULL);
285 crl->idp = X509_CRL_get_ext_d2i(crl,
286 NID_issuing_distribution_point, NULL, NULL);
287 if (crl->idp)
288 setup_idp(crl, crl->idp);
289
290 crl->akid = X509_CRL_get_ext_d2i(crl,
291 NID_authority_key_identifier, NULL, NULL);
292
293 crl->crl_number = X509_CRL_get_ext_d2i(crl,
294 NID_crl_number, NULL, NULL);
295
296 crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
297 NID_delta_crl, NULL, NULL);
298 /* Delta CRLs must have CRL number */
299 if (crl->base_crl_number && !crl->crl_number)
300 crl->flags |= EXFLAG_INVALID;
301
302 /* See if we have any unhandled critical CRL extensions and
303 * indicate this in a flag. We only currently handle IDP,
304 * AKID and deltas, so anything else critical sets the flag.
305 *
306 * This code accesses the X509_CRL structure directly:
307 * applications shouldn't do this.
308 */
309
310 exts = crl->crl->extensions;
311
312 for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
313 int nid;
314 ext = sk_X509_EXTENSION_value(exts, idx);
315 nid = OBJ_obj2nid(ext->object);
316 if (nid == NID_freshest_crl)
317 crl->flags |= EXFLAG_FRESHEST;
318 if (ext->critical > 0) {
319 /* We handle IDP, AKID and deltas */
320 if (nid == NID_issuing_distribution_point ||
321 nid == NID_authority_key_identifier ||
322 nid == NID_delta_crl)
323 break;
324 crl->flags |= EXFLAG_CRITICAL;
325 break;
326 }
327 }
328
329 if (!crl_set_issuers(crl))
330 return 0;
331 break;
332
333 case ASN1_OP_FREE_POST:
334 AUTHORITY_KEYID_free(crl->akid);
335 ISSUING_DIST_POINT_free(crl->idp);
336 ASN1_INTEGER_free(crl->crl_number);
337 ASN1_INTEGER_free(crl->base_crl_number);
338 sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
339 break;
340 }
341 return rc;
342}
343
344/* Convert IDP into a more convenient form */
345
346static void
347setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
348{
349 int idp_only = 0;
350
351 /* Set various flags according to IDP */
352 crl->idp_flags |= IDP_PRESENT;
353 if (idp->onlyuser > 0) {
354 idp_only++;
355 crl->idp_flags |= IDP_ONLYUSER;
356 }
357 if (idp->onlyCA > 0) {
358 idp_only++;
359 crl->idp_flags |= IDP_ONLYCA;
360 }
361 if (idp->onlyattr > 0) {
362 idp_only++;
363 crl->idp_flags |= IDP_ONLYATTR;
364 }
365
366 if (idp_only > 1)
367 crl->idp_flags |= IDP_INVALID;
368
369 if (idp->indirectCRL > 0)
370 crl->idp_flags |= IDP_INDIRECT;
371
372 if (idp->onlysomereasons) {
373 crl->idp_flags |= IDP_REASONS;
374 if (idp->onlysomereasons->length > 0)
375 crl->idp_reasons = idp->onlysomereasons->data[0];
376 if (idp->onlysomereasons->length > 1)
377 crl->idp_reasons |=
378 (idp->onlysomereasons->data[1] << 8);
379 crl->idp_reasons &= CRLDP_ALL_REASONS;
380 }
381
382 DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
383}
384
385static const ASN1_AUX X509_CRL_aux = {
386 .app_data = NULL,
387 .flags = ASN1_AFLG_REFCOUNT,
388 .ref_offset = offsetof(X509_CRL, references),
389 .ref_lock = CRYPTO_LOCK_X509_CRL,
390 .asn1_cb = crl_cb,
391};
392static const ASN1_TEMPLATE X509_CRL_seq_tt[] = {
393 {
394 .offset = offsetof(X509_CRL, crl),
395 .field_name = "crl",
396 .item = &X509_CRL_INFO_it,
397 },
398 {
399 .offset = offsetof(X509_CRL, sig_alg),
400 .field_name = "sig_alg",
401 .item = &X509_ALGOR_it,
402 },
403 {
404 .offset = offsetof(X509_CRL, signature),
405 .field_name = "signature",
406 .item = &ASN1_BIT_STRING_it,
407 },
408};
409
410const ASN1_ITEM X509_CRL_it = {
411 .itype = ASN1_ITYPE_SEQUENCE,
412 .utype = V_ASN1_SEQUENCE,
413 .templates = X509_CRL_seq_tt,
414 .tcount = sizeof(X509_CRL_seq_tt) / sizeof(ASN1_TEMPLATE),
415 .funcs = &X509_CRL_aux,
416 .size = sizeof(X509_CRL),
417 .sname = "X509_CRL",
418};
419LCRYPTO_ALIAS(X509_CRL_it);
420
421
422X509_REVOKED *
423d2i_X509_REVOKED(X509_REVOKED **a, const unsigned char **in, long len)
424{
425 return (X509_REVOKED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
426 &X509_REVOKED_it);
427}
428LCRYPTO_ALIAS(d2i_X509_REVOKED);
429
430int
431i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **out)
432{
433 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REVOKED_it);
434}
435LCRYPTO_ALIAS(i2d_X509_REVOKED);
436
437X509_REVOKED *
438X509_REVOKED_new(void)
439{
440 return (X509_REVOKED *)ASN1_item_new(&X509_REVOKED_it);
441}
442LCRYPTO_ALIAS(X509_REVOKED_new);
443
444void
445X509_REVOKED_free(X509_REVOKED *a)
446{
447 ASN1_item_free((ASN1_VALUE *)a, &X509_REVOKED_it);
448}
449LCRYPTO_ALIAS(X509_REVOKED_free);
450
451X509_REVOKED *
452X509_REVOKED_dup(X509_REVOKED *a)
453{
454 return ASN1_item_dup(&X509_REVOKED_it, a);
455}
456LCRYPTO_ALIAS(X509_REVOKED_dup);
457
458X509_CRL_INFO *
459d2i_X509_CRL_INFO(X509_CRL_INFO **a, const unsigned char **in, long len)
460{
461 return (X509_CRL_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
462 &X509_CRL_INFO_it);
463}
464LCRYPTO_ALIAS(d2i_X509_CRL_INFO);
465
466int
467i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **out)
468{
469 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CRL_INFO_it);
470}
471LCRYPTO_ALIAS(i2d_X509_CRL_INFO);
472
473X509_CRL_INFO *
474X509_CRL_INFO_new(void)
475{
476 return (X509_CRL_INFO *)ASN1_item_new(&X509_CRL_INFO_it);
477}
478LCRYPTO_ALIAS(X509_CRL_INFO_new);
479
480void
481X509_CRL_INFO_free(X509_CRL_INFO *a)
482{
483 ASN1_item_free((ASN1_VALUE *)a, &X509_CRL_INFO_it);
484}
485LCRYPTO_ALIAS(X509_CRL_INFO_free);
486
487X509_CRL *
488d2i_X509_CRL(X509_CRL **a, const unsigned char **in, long len)
489{
490 return (X509_CRL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
491 &X509_CRL_it);
492}
493LCRYPTO_ALIAS(d2i_X509_CRL);
494
495int
496i2d_X509_CRL(X509_CRL *a, unsigned char **out)
497{
498 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CRL_it);
499}
500LCRYPTO_ALIAS(i2d_X509_CRL);
501
502X509_CRL *
503X509_CRL_new(void)
504{
505 return (X509_CRL *)ASN1_item_new(&X509_CRL_it);
506}
507LCRYPTO_ALIAS(X509_CRL_new);
508
509void
510X509_CRL_free(X509_CRL *a)
511{
512 ASN1_item_free((ASN1_VALUE *)a, &X509_CRL_it);
513}
514LCRYPTO_ALIAS(X509_CRL_free);
515
516X509_CRL *
517X509_CRL_dup(X509_CRL *x)
518{
519 return ASN1_item_dup(&X509_CRL_it, x);
520}
521LCRYPTO_ALIAS(X509_CRL_dup);
522
523int
524X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
525{
526 X509_CRL_INFO *inf;
527
528 inf = crl->crl;
529 if (!inf->revoked)
530 inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
531 if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
532 ASN1error(ERR_R_MALLOC_FAILURE);
533 return 0;
534 }
535 inf->enc.modified = 1;
536 return 1;
537}
538LCRYPTO_ALIAS(X509_CRL_add0_revoked);
539
540int
541X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey)
542{
543 return ASN1_item_verify(&X509_CRL_INFO_it, crl->sig_alg, crl->signature,
544 crl->crl, pkey);
545}
546LCRYPTO_ALIAS(X509_CRL_verify);
547
548static int
549crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, X509_REVOKED *rev)
550{
551 int i;
552
553 if (!rev->issuer) {
554 if (!nm)
555 return 1;
556 if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
557 return 1;
558 return 0;
559 }
560
561 if (!nm)
562 nm = X509_CRL_get_issuer(crl);
563
564 for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) {
565 GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
566 if (gen->type != GEN_DIRNAME)
567 continue;
568 if (!X509_NAME_cmp(nm, gen->d.directoryName))
569 return 1;
570 }
571 return 0;
572
573}
574
575static int
576crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial,
577 X509_NAME *issuer)
578{
579 X509_REVOKED rtmp, *rev;
580 int idx;
581
582 rtmp.serialNumber = serial;
583 if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) {
584 CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
585 sk_X509_REVOKED_sort(crl->crl->revoked);
586 CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
587 }
588 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
589 if (idx < 0)
590 return 0;
591 /* Need to look for matching name */
592 for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
593 rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
594 if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
595 return 0;
596 if (crl_revoked_issuer_match(crl, issuer, rev)) {
597 if (ret)
598 *ret = rev;
599 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
600 return 2;
601 return 1;
602 }
603 }
604 return 0;
605}
606
607int
608X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
609 ASN1_INTEGER *serial)
610{
611 return crl_lookup(crl, ret, serial, NULL);
612}
613LCRYPTO_ALIAS(X509_CRL_get0_by_serial);
614
615int
616X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
617{
618 return crl_lookup(crl, ret, X509_get_serialNumber(x),
619 X509_get_issuer_name(x));
620}
621LCRYPTO_ALIAS(X509_CRL_get0_by_cert);
622
623int
624X509_CRL_get_signature_nid(const X509_CRL *crl)
625{
626 return OBJ_obj2nid(crl->sig_alg->algorithm);
627}
628LCRYPTO_ALIAS(X509_CRL_get_signature_nid);
629
630const STACK_OF(X509_EXTENSION) *
631X509_CRL_get0_extensions(const X509_CRL *crl)
632{
633 return crl->crl->extensions;
634}
635LCRYPTO_ALIAS(X509_CRL_get0_extensions);
636
637long
638X509_CRL_get_version(const X509_CRL *crl)
639{
640 return ASN1_INTEGER_get(crl->crl->version);
641}
642LCRYPTO_ALIAS(X509_CRL_get_version);
643
644const ASN1_TIME *
645X509_CRL_get0_lastUpdate(const X509_CRL *crl)
646{
647 return crl->crl->lastUpdate;
648}
649LCRYPTO_ALIAS(X509_CRL_get0_lastUpdate);
650
651ASN1_TIME *
652X509_CRL_get_lastUpdate(X509_CRL *crl)
653{
654 return crl->crl->lastUpdate;
655}
656LCRYPTO_ALIAS(X509_CRL_get_lastUpdate);
657
658const ASN1_TIME *
659X509_CRL_get0_nextUpdate(const X509_CRL *crl)
660{
661 return crl->crl->nextUpdate;
662}
663LCRYPTO_ALIAS(X509_CRL_get0_nextUpdate);
664
665ASN1_TIME *
666X509_CRL_get_nextUpdate(X509_CRL *crl)
667{
668 return crl->crl->nextUpdate;
669}
670LCRYPTO_ALIAS(X509_CRL_get_nextUpdate);
671
672X509_NAME *
673X509_CRL_get_issuer(const X509_CRL *crl)
674{
675 return crl->crl->issuer;
676}
677LCRYPTO_ALIAS(X509_CRL_get_issuer);
678
679STACK_OF(X509_REVOKED) *
680X509_CRL_get_REVOKED(X509_CRL *crl)
681{
682 return crl->crl->revoked;
683}
684LCRYPTO_ALIAS(X509_CRL_get_REVOKED);
685
686void
687X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
688 const X509_ALGOR **palg)
689{
690 if (psig != NULL)
691 *psig = crl->signature;
692 if (palg != NULL)
693 *palg = crl->sig_alg;
694}
695LCRYPTO_ALIAS(X509_CRL_get0_signature);
696
697const X509_ALGOR *
698X509_CRL_get0_tbs_sigalg(const X509_CRL *crl)
699{
700 return crl->crl->sig_alg;
701}
702LCRYPTO_ALIAS(X509_CRL_get0_tbs_sigalg);