1 files changed, 90 insertions, 281 deletions
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index 13acdab427..11fce96825 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -58,296 +58,105 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1t.h>
-#include "x509.h"
+#include <openssl/x509.h>
-/*
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
- * ASN1err(ASN1_F_D2I_X509_CRL,ASN1_R_LENGTH_MISMATCH);
+                                const X509_REVOKED * const *b);
- * ASN1err(ASN1_F_D2I_X509_CRL_INFO,ASN1_R_EXPECTING_A_SEQUENCE);
+static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
- * ASN1err(ASN1_F_D2I_X509_REVOKED,ASN1_R_LENGTH_MISMATCH);
+                                const X509_REVOKED * const *b);
- * ASN1err(ASN1_F_X509_CRL_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_CRL_INFO_NEW,ASN1_R_EXPECTING_A_SEQUENCE);
+ASN1_SEQUENCE(X509_REVOKED) = {
- * ASN1err(ASN1_F_X509_REVOKED_NEW,ASN1_R_LENGTH_MISMATCH);
+        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+} ASN1_SEQUENCE_END(X509_REVOKED)
+/* The X509_CRL_INFO structure needs a bit of customisation. This is actually
+ * mirroring the old behaviour: its purpose is to allow the use of
+ * sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately
+ * this will zap the original order and the signature so we keep a copy
+ * of the original positions and reorder appropriately before encoding.
+ *
+ * Might want to see if there's a better way of doing this later...
 */
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-#ifndef NOPROTO
+{
-static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b);
+        X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
-static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b);
-#else
-static int X509_REVOKED_cmp();
-static int X509_REVOKED_seq_cmp();
-#endif
-int i2d_X509_REVOKED(a,pp)
-X509_REVOKED *a;
-unsigned char **pp;
-        {
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME);
-        M_ASN1_I2D_len_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME);
-        M_ASN1_I2D_put_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
-        M_ASN1_I2D_finish();
-        }
-X509_REVOKED *d2i_X509_REVOKED(a,pp,length)
-X509_REVOKED **a;
-unsigned char **pp;
-long length;
-        {
-        M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
-        M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME);
-        M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION);
-        M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
-        }
-int i2d_X509_CRL_INFO(a,pp)
-X509_CRL_INFO *a;
-unsigned char **pp;
-        {
-        int v1=0;
-        long l=0;
-        M_ASN1_I2D_vars(a);
-        if (sk_num(a->revoked) != 0)
-                qsort((char *)a->revoked->data,sk_num(a->revoked),
-                        sizeof(X509_REVOKED *),(int (*)(P_CC_CC))X509_REVOKED_seq_cmp);
-        if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0))
-                {
-                M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-                }
-        M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
-        M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME);
-        if (a->nextUpdate != NULL)
-                { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); }
-        M_ASN1_I2D_len_SEQ_opt(a->revoked,i2d_X509_REVOKED);
-        M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
-                V_ASN1_SEQUENCE,v1);
-        M_ASN1_I2D_seq_total();
-        if ((a->version != NULL) && (l != 0))
-                {
-                M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-                }
-        M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
-        M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_UTCTIME);
-        if (a->nextUpdate != NULL)
-                { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_UTCTIME); }
-        M_ASN1_I2D_put_SEQ_opt(a->revoked,i2d_X509_REVOKED);
-        M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
-                V_ASN1_SEQUENCE,v1);
-        M_ASN1_I2D_finish();
-        }
-X509_CRL_INFO *d2i_X509_CRL_INFO(a,pp,length)
-X509_CRL_INFO **a;
-unsigned char **pp;
-long length;
-        {
-        int i,ver=0;
-        M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_opt(ret->version,d2i_ASN1_INTEGER,V_ASN1_INTEGER);
-        if (ret->version != NULL)
-                ver=ret->version->data[0];
-        
-        if ((ver == 0) && (ret->version != NULL))
-                {
-                ASN1_INTEGER_free(ret->version);
-                ret->version=NULL;
-                }
-        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
-        M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME);
-        M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME);
-        if (ret->revoked != NULL)
-                {
-                while (sk_num(ret->revoked))
-                        X509_REVOKED_free((X509_REVOKED *)sk_pop(ret->revoked));
-                }
-        M_ASN1_D2I_get_seq_opt(ret->revoked,d2i_X509_REVOKED);
-        if (ret->revoked != NULL)
-                {
-                for (i=0; i<sk_num(ret->revoked); i++)
-                        {
-                        ((X509_REVOKED *)sk_value(ret->revoked,i))->sequence=i;
-                        }
-                }
-        if (ver >= 1)
-                {
-                if (ret->extensions != NULL)
-                        {
-                        while (sk_num(ret->extensions))
-                                X509_EXTENSION_free((X509_EXTENSION *)
-                                sk_pop(ret->extensions));
-                        }
-                        
-                M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,
-                        0,V_ASN1_SEQUENCE);
-                }
-        M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO);
-        }
-int i2d_X509_CRL(a,pp)
-X509_CRL *a;
-unsigned char **pp;
-        {
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len(a->crl,i2d_X509_CRL_INFO);
-        M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->signature,i2d_ASN1_BIT_STRING);
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put(a->crl,i2d_X509_CRL_INFO);
-        M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->signature,i2d_ASN1_BIT_STRING);
-        M_ASN1_I2D_finish();
-        }
-X509_CRL *d2i_X509_CRL(a,pp,length)
-X509_CRL **a;
-unsigned char **pp;
-long length;
-        {
-        M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->crl,d2i_X509_CRL_INFO);
-        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-        M_ASN1_D2I_Finish(a,X509_CRL_free,ASN1_F_D2I_X509_CRL);
-        }
-X509_REVOKED *X509_REVOKED_new()
-        {
-        X509_REVOKED *ret=NULL;
-        M_ASN1_New_Malloc(ret,X509_REVOKED);
-        M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
-        M_ASN1_New(ret->revocationDate,ASN1_UTCTIME_new);
-        ret->extensions=NULL;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW);
-        }
-X509_CRL_INFO *X509_CRL_INFO_new()
-        {
-        X509_CRL_INFO *ret=NULL;
-        M_ASN1_New_Malloc(ret,X509_CRL_INFO);
-        ret->version=NULL;
-        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-        M_ASN1_New(ret->issuer,X509_NAME_new);
-        M_ASN1_New(ret->lastUpdate,ASN1_UTCTIME_new);
-        ret->nextUpdate=NULL;
-        M_ASN1_New(ret->revoked,sk_new_null);
-        M_ASN1_New(ret->extensions,sk_new_null);
-        ret->revoked->comp=(int (*)())X509_REVOKED_cmp;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
-        }
-X509_CRL *X509_CRL_new()
-        {
-        X509_CRL *ret=NULL;
-        M_ASN1_New_Malloc(ret,X509_CRL);
-        ret->references=1;
-        M_ASN1_New(ret->crl,X509_CRL_INFO_new);
-        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-        M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_CRL_NEW);
-        }
-void X509_REVOKED_free(a)
-X509_REVOKED *a;
-        {
-        if (a == NULL) return;
-        ASN1_INTEGER_free(a->serialNumber);
-        ASN1_UTCTIME_free(a->revocationDate);
-        sk_pop_free(a->extensions,X509_EXTENSION_free);
-        Free((char *)a);
-        }
-void X509_CRL_INFO_free(a)
-X509_CRL_INFO *a;
-        {
-        if (a == NULL) return;
-        ASN1_INTEGER_free(a->version);
-        X509_ALGOR_free(a->sig_alg);
-        X509_NAME_free(a->issuer);
-        ASN1_UTCTIME_free(a->lastUpdate);
-        if (a->nextUpdate)
-                ASN1_UTCTIME_free(a->nextUpdate);
-        sk_pop_free(a->revoked,X509_REVOKED_free);
-        sk_pop_free(a->extensions,X509_EXTENSION_free);
-        Free((char *)a);
-        }
-void X509_CRL_free(a)
-X509_CRL *a;
-        {
        int i;
+        int (*old_cmp)(const X509_REVOKED * const *,
-        if (a == NULL) return;
+                        const X509_REVOKED * const *);
-        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL);
+        if(!a || !a->revoked) return 1;
-#ifdef REF_PRINT
+        switch(operation) {
-        REF_PRINT("X509_CRL",a);
-#endif
+                /* Save original order */
-        if (i > 0) return;
+                case ASN1_OP_D2I_POST:
-#ifdef REF_CHECK
+                for (i=0; i<sk_X509_REVOKED_num(a->revoked); i++)
-        if (i < 0)
+                        sk_X509_REVOKED_value(a->revoked,i)->sequence=i;
-                {
+                sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
-                fprintf(stderr,"X509_CRL_free, bad reference count\n");
+                break;
-                abort();
-                }
+                /* Restore original order */
-#endif
+                case ASN1_OP_I2D_PRE:
+                old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
-        X509_CRL_INFO_free(a->crl);
+                sk_X509_REVOKED_sort(a->revoked);
-        X509_ALGOR_free(a->sig_alg);
+                sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
-        ASN1_BIT_STRING_free(a->signature);
+                break;
-        Free((char *)a);
        }
+        return 1;
-static int X509_REVOKED_cmp(a,b)
+}
-X509_REVOKED **a,**b;
+ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = {
+        ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+        ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO)
+ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+        ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
+        ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+                        const X509_REVOKED * const *b)
        {
        return(ASN1_STRING_cmp(
                (ASN1_STRING *)(*a)->serialNumber,
                (ASN1_STRING *)(*b)->serialNumber));
        }
-static int X509_REVOKED_seq_cmp(a,b)
+static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
-X509_REVOKED **a,**b;
+                                const X509_REVOKED * const *b)
        {
        return((*a)->sequence-(*b)->sequence);
        }
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+        X509_CRL_INFO *inf;
+        inf = crl->crl;
+        if(!inf->revoked)
+                inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+        if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+                ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        return 1;
+}
+IMPLEMENT_STACK_OF(X509_REVOKED)
+IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
+IMPLEMENT_STACK_OF(X509_CRL)
+IMPLEMENT_ASN1_SET_OF(X509_CRL)

diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c index 13acdab427..11fce96825 100644 --- a/src/lib/libcrypto/asn1/x_crl.c +++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -58,296 +58,105 @@
58		58
59	#include <stdio.h>	59	#include <stdio.h>
60	#include "cryptlib.h"	60	#include "cryptlib.h"
61	#include "asn1_mac.h"	61	#include <openssl/asn1t.h>
62	#include "x509.h"	62	#include <openssl/x509.h>
63		63
64	/*	64	static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
65	* ASN1err(ASN1_F_D2I_X509_CRL,ASN1_R_LENGTH_MISMATCH);	65	const X509_REVOKED * const *b);
66	* ASN1err(ASN1_F_D2I_X509_CRL_INFO,ASN1_R_EXPECTING_A_SEQUENCE);	66	static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
67	* ASN1err(ASN1_F_D2I_X509_REVOKED,ASN1_R_LENGTH_MISMATCH);	67	const X509_REVOKED * const *b);
68	* ASN1err(ASN1_F_X509_CRL_NEW,ASN1_R_LENGTH_MISMATCH);	68
69	* ASN1err(ASN1_F_X509_CRL_INFO_NEW,ASN1_R_EXPECTING_A_SEQUENCE);	69	ASN1_SEQUENCE(X509_REVOKED) = {
70	* ASN1err(ASN1_F_X509_REVOKED_NEW,ASN1_R_LENGTH_MISMATCH);	70	ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
		71	ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
		72	ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
		73	} ASN1_SEQUENCE_END(X509_REVOKED)
		74
		75	/* The X509_CRL_INFO structure needs a bit of customisation. This is actually
		76	* mirroring the old behaviour: its purpose is to allow the use of
		77	* sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately
		78	* this will zap the original order and the signature so we keep a copy
		79	* of the original positions and reorder appropriately before encoding.
		80	*
		81	* Might want to see if there's a better way of doing this later...
71	*/	82	*/
72		83	static int crl_inf_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it)
73	#ifndef NOPROTO	84	{
74	static int X509_REVOKED_cmp(X509_REVOKED a,X509_REVOKED b);	85	X509_CRL_INFO a = (X509_CRL_INFO )*pval;
75	static int X509_REVOKED_seq_cmp(X509_REVOKED a,X509_REVOKED b);
76	#else
77	static int X509_REVOKED_cmp();
78	static int X509_REVOKED_seq_cmp();
79	#endif
80
81	int i2d_X509_REVOKED(a,pp)
82	X509_REVOKED *a;
83	unsigned char **pp;
84	{
85	M_ASN1_I2D_vars(a);
86
87	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
88	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME);
89	M_ASN1_I2D_len_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
90
91	M_ASN1_I2D_seq_total();
92
93	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
94	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME);
95	M_ASN1_I2D_put_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
96
97	M_ASN1_I2D_finish();
98	}
99
100	X509_REVOKED *d2i_X509_REVOKED(a,pp,length)
101	X509_REVOKED **a;
102	unsigned char **pp;
103	long length;
104	{
105	M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new);
106
107	M_ASN1_D2I_Init();
108	M_ASN1_D2I_start_sequence();
109	M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
110	M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME);
111	M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION);
112	M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
113	}
114
115	int i2d_X509_CRL_INFO(a,pp)
116	X509_CRL_INFO *a;
117	unsigned char **pp;
118	{
119	int v1=0;
120	long l=0;
121	M_ASN1_I2D_vars(a);
122
123	if (sk_num(a->revoked) != 0)
124	qsort((char *)a->revoked->data,sk_num(a->revoked),
125	sizeof(X509_REVOKED ),(int ()(P_CC_CC))X509_REVOKED_seq_cmp);
126	if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0))
127	{
128	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
129	}
130	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
131	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
132	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME);
133	if (a->nextUpdate != NULL)
134	{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); }
135	M_ASN1_I2D_len_SEQ_opt(a->revoked,i2d_X509_REVOKED);
136	M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
137	V_ASN1_SEQUENCE,v1);
138
139	M_ASN1_I2D_seq_total();
140
141	if ((a->version != NULL) && (l != 0))
142	{
143	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
144	}
145	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
146	M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
147	M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_UTCTIME);
148	if (a->nextUpdate != NULL)
149	{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_UTCTIME); }
150	M_ASN1_I2D_put_SEQ_opt(a->revoked,i2d_X509_REVOKED);
151	M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
152	V_ASN1_SEQUENCE,v1);
153
154	M_ASN1_I2D_finish();
155	}
156
157	X509_CRL_INFO *d2i_X509_CRL_INFO(a,pp,length)
158	X509_CRL_INFO **a;
159	unsigned char **pp;
160	long length;
161	{
162	int i,ver=0;
163	M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new);
164
165
166	M_ASN1_D2I_Init();
167	M_ASN1_D2I_start_sequence();
168	M_ASN1_D2I_get_opt(ret->version,d2i_ASN1_INTEGER,V_ASN1_INTEGER);
169	if (ret->version != NULL)
170	ver=ret->version->data[0];
171
172	if ((ver == 0) && (ret->version != NULL))
173	{
174	ASN1_INTEGER_free(ret->version);
175	ret->version=NULL;
176	}
177	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
178	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
179	M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME);
180	M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME);
181	if (ret->revoked != NULL)
182	{
183	while (sk_num(ret->revoked))
184	X509_REVOKED_free((X509_REVOKED *)sk_pop(ret->revoked));
185	}
186	M_ASN1_D2I_get_seq_opt(ret->revoked,d2i_X509_REVOKED);
187
188	if (ret->revoked != NULL)
189	{
190	for (i=0; i<sk_num(ret->revoked); i++)
191	{
192	((X509_REVOKED *)sk_value(ret->revoked,i))->sequence=i;
193	}
194	}
195
196	if (ver >= 1)
197	{
198	if (ret->extensions != NULL)
199	{
200	while (sk_num(ret->extensions))
201	X509_EXTENSION_free((X509_EXTENSION *)
202	sk_pop(ret->extensions));
203	}
204
205	M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,
206	0,V_ASN1_SEQUENCE);
207	}
208
209	M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO);
210	}
211
212	int i2d_X509_CRL(a,pp)
213	X509_CRL *a;
214	unsigned char **pp;
215	{
216	M_ASN1_I2D_vars(a);
217
218	M_ASN1_I2D_len(a->crl,i2d_X509_CRL_INFO);
219	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
220	M_ASN1_I2D_len(a->signature,i2d_ASN1_BIT_STRING);
221
222	M_ASN1_I2D_seq_total();
223
224	M_ASN1_I2D_put(a->crl,i2d_X509_CRL_INFO);
225	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
226	M_ASN1_I2D_put(a->signature,i2d_ASN1_BIT_STRING);
227
228	M_ASN1_I2D_finish();
229	}
230
231	X509_CRL *d2i_X509_CRL(a,pp,length)
232	X509_CRL **a;
233	unsigned char **pp;
234	long length;
235	{
236	M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new);
237
238	M_ASN1_D2I_Init();
239	M_ASN1_D2I_start_sequence();
240	M_ASN1_D2I_get(ret->crl,d2i_X509_CRL_INFO);
241	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
242	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
243
244	M_ASN1_D2I_Finish(a,X509_CRL_free,ASN1_F_D2I_X509_CRL);
245	}
246
247
248	X509_REVOKED *X509_REVOKED_new()
249	{
250	X509_REVOKED *ret=NULL;
251
252	M_ASN1_New_Malloc(ret,X509_REVOKED);
253	M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
254	M_ASN1_New(ret->revocationDate,ASN1_UTCTIME_new);
255	ret->extensions=NULL;
256	return(ret);
257	M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW);
258	}
259
260	X509_CRL_INFO *X509_CRL_INFO_new()
261	{
262	X509_CRL_INFO *ret=NULL;
263
264	M_ASN1_New_Malloc(ret,X509_CRL_INFO);
265	ret->version=NULL;
266	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
267	M_ASN1_New(ret->issuer,X509_NAME_new);
268	M_ASN1_New(ret->lastUpdate,ASN1_UTCTIME_new);
269	ret->nextUpdate=NULL;
270	M_ASN1_New(ret->revoked,sk_new_null);
271	M_ASN1_New(ret->extensions,sk_new_null);
272	ret->revoked->comp=(int (*)())X509_REVOKED_cmp;
273	return(ret);
274	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
275	}
276
277	X509_CRL *X509_CRL_new()
278	{
279	X509_CRL *ret=NULL;
280
281	M_ASN1_New_Malloc(ret,X509_CRL);
282	ret->references=1;
283	M_ASN1_New(ret->crl,X509_CRL_INFO_new);
284	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
285	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
286	return(ret);
287	M_ASN1_New_Error(ASN1_F_X509_CRL_NEW);
288	}
289
290	void X509_REVOKED_free(a)
291	X509_REVOKED *a;
292	{
293	if (a == NULL) return;
294	ASN1_INTEGER_free(a->serialNumber);
295	ASN1_UTCTIME_free(a->revocationDate);
296	sk_pop_free(a->extensions,X509_EXTENSION_free);
297	Free((char *)a);
298	}
299
300	void X509_CRL_INFO_free(a)
301	X509_CRL_INFO *a;
302	{
303	if (a == NULL) return;
304	ASN1_INTEGER_free(a->version);
305	X509_ALGOR_free(a->sig_alg);
306	X509_NAME_free(a->issuer);
307	ASN1_UTCTIME_free(a->lastUpdate);
308	if (a->nextUpdate)
309	ASN1_UTCTIME_free(a->nextUpdate);
310	sk_pop_free(a->revoked,X509_REVOKED_free);
311	sk_pop_free(a->extensions,X509_EXTENSION_free);
312	Free((char *)a);
313	}
314
315	void X509_CRL_free(a)
316	X509_CRL *a;
317	{
318	int i;	86	int i;
319		87	int (old_cmp)(const X509_REVOKED const *,
320	if (a == NULL) return;	88	const X509_REVOKED * const *);
321		89
322	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL);	90	if(!a \|\| !a->revoked) return 1;
323	#ifdef REF_PRINT	91	switch(operation) {
324	REF_PRINT("X509_CRL",a);	92
325	#endif	93	/* Save original order */
326	if (i > 0) return;	94	case ASN1_OP_D2I_POST:
327	#ifdef REF_CHECK	95	for (i=0; i<sk_X509_REVOKED_num(a->revoked); i++)
328	if (i < 0)	96	sk_X509_REVOKED_value(a->revoked,i)->sequence=i;
329	{	97	sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
330	fprintf(stderr,"X509_CRL_free, bad reference count\n");	98	break;
331	abort();	99
332	}	100	/* Restore original order */
333	#endif	101	case ASN1_OP_I2D_PRE:
334		102	old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
335	X509_CRL_INFO_free(a->crl);	103	sk_X509_REVOKED_sort(a->revoked);
336	X509_ALGOR_free(a->sig_alg);	104	sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
337	ASN1_BIT_STRING_free(a->signature);	105	break;
338	Free((char *)a);
339	}	106	}
340		107	return 1;
341	static int X509_REVOKED_cmp(a,b)	108	}
342	X509_REVOKED a,b;	109
		110
		111	ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = {
		112	ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
		113	ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
		114	ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
		115	ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
		116	ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
		117	ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
		118	ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
		119	} ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO)
		120
		121	ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
		122	ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
		123	ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
		124	ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
		125	} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
		126
		127	IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
		128	IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
		129	IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
		130	IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
		131
		132	static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
		133	const X509_REVOKED * const *b)
343	{	134	{
344	return(ASN1_STRING_cmp(	135	return(ASN1_STRING_cmp(
345	(ASN1_STRING )(a)->serialNumber,	136	(ASN1_STRING )(a)->serialNumber,
346	(ASN1_STRING )(b)->serialNumber));	137	(ASN1_STRING )(b)->serialNumber));
347	}	138	}
348		139
349	static int X509_REVOKED_seq_cmp(a,b)	140	static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
350	X509_REVOKED a,b;	141	const X509_REVOKED * const *b)
351	{	142	{
352	return((a)->sequence-(b)->sequence);	143	return((a)->sequence-(b)->sequence);
353	}	144	}
		145
		146	int X509_CRL_add0_revoked(X509_CRL crl, X509_REVOKED rev)
		147	{
		148	X509_CRL_INFO *inf;
		149	inf = crl->crl;
		150	if(!inf->revoked)
		151	inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
		152	if(!inf->revoked \|\| !sk_X509_REVOKED_push(inf->revoked, rev)) {
		153	ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
		154	return 0;
		155	}
		156	return 1;
		157	}
		158
		159	IMPLEMENT_STACK_OF(X509_REVOKED)
		160	IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
		161	IMPLEMENT_STACK_OF(X509_CRL)
		162	IMPLEMENT_ASN1_SET_OF(X509_CRL)