1 /*
2 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
3 * 2001.
4 */
5 /* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com). */
56
57 #include <openssl/asn1.h>
58 #include <openssl/evp.h>
59 #include <openssl/obj.h>
60 #include <openssl/x509.h>
61
62 #include "../internal.h"
63 #include "internal.h"
64
X509_CRL_set_version(X509_CRL * x,long version)65 int X509_CRL_set_version(X509_CRL *x, long version)
66 {
67 if (x == NULL)
68 return (0);
69 if (x->crl->version == NULL) {
70 if ((x->crl->version = ASN1_INTEGER_new()) == NULL)
71 return (0);
72 }
73 return (ASN1_INTEGER_set(x->crl->version, version));
74 }
75
X509_CRL_set_issuer_name(X509_CRL * x,X509_NAME * name)76 int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
77 {
78 if ((x == NULL) || (x->crl == NULL))
79 return (0);
80 return (X509_NAME_set(&x->crl->issuer, name));
81 }
82
X509_CRL_set1_lastUpdate(X509_CRL * x,const ASN1_TIME * tm)83 int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
84 {
85 ASN1_TIME *in;
86
87 if (x == NULL)
88 return (0);
89 in = x->crl->lastUpdate;
90 if (in != tm) {
91 in = ASN1_STRING_dup(tm);
92 if (in != NULL) {
93 ASN1_TIME_free(x->crl->lastUpdate);
94 x->crl->lastUpdate = in;
95 }
96 }
97 return (in != NULL);
98 }
99
X509_CRL_set1_nextUpdate(X509_CRL * x,const ASN1_TIME * tm)100 int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
101 {
102 ASN1_TIME *in;
103
104 if (x == NULL)
105 return (0);
106 in = x->crl->nextUpdate;
107 if (in != tm) {
108 in = ASN1_STRING_dup(tm);
109 if (in != NULL) {
110 ASN1_TIME_free(x->crl->nextUpdate);
111 x->crl->nextUpdate = in;
112 }
113 }
114 return (in != NULL);
115 }
116
X509_CRL_sort(X509_CRL * c)117 int X509_CRL_sort(X509_CRL *c)
118 {
119 size_t i;
120 X509_REVOKED *r;
121 /*
122 * sort the data so it will be written in serial number order
123 */
124 sk_X509_REVOKED_sort(c->crl->revoked);
125 for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) {
126 r = sk_X509_REVOKED_value(c->crl->revoked, i);
127 r->sequence = i;
128 }
129 c->crl->enc.modified = 1;
130 return 1;
131 }
132
X509_CRL_up_ref(X509_CRL * crl)133 int X509_CRL_up_ref(X509_CRL *crl)
134 {
135 CRYPTO_refcount_inc(&crl->references);
136 return 1;
137 }
138
X509_CRL_get_version(const X509_CRL * crl)139 long X509_CRL_get_version(const X509_CRL *crl)
140 {
141 return ASN1_INTEGER_get(crl->crl->version);
142 }
143
X509_CRL_get0_lastUpdate(const X509_CRL * crl)144 const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl)
145 {
146 return crl->crl->lastUpdate;
147 }
148
X509_CRL_get0_nextUpdate(const X509_CRL * crl)149 const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
150 {
151 return crl->crl->nextUpdate;
152 }
153
X509_CRL_get_lastUpdate(X509_CRL * crl)154 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
155 {
156 return crl->crl->lastUpdate;
157 }
158
X509_CRL_get_nextUpdate(X509_CRL * crl)159 ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
160 {
161 return crl->crl->nextUpdate;
162 }
163
X509_CRL_get_issuer(const X509_CRL * crl)164 X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
165 {
166 return crl->crl->issuer;
167 }
168
STACK_OF(X509_REVOKED)169 STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
170 {
171 return crl->crl->revoked;
172 }
173
STACK_OF(X509_EXTENSION)174 const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl)
175 {
176 return crl->crl->extensions;
177 }
178
X509_CRL_get0_signature(const X509_CRL * crl,const ASN1_BIT_STRING ** psig,const X509_ALGOR ** palg)179 void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
180 const X509_ALGOR **palg)
181 {
182 if (psig != NULL)
183 *psig = crl->signature;
184 if (palg != NULL)
185 *palg = crl->sig_alg;
186 }
187
X509_CRL_get_signature_nid(const X509_CRL * crl)188 int X509_CRL_get_signature_nid(const X509_CRL *crl)
189 {
190 return OBJ_obj2nid(crl->sig_alg->algorithm);
191 }
192
X509_REVOKED_get0_revocationDate(const X509_REVOKED * revoked)193 const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *revoked)
194 {
195 return revoked->revocationDate;
196 }
197
X509_REVOKED_set_revocationDate(X509_REVOKED * revoked,const ASN1_TIME * tm)198 int X509_REVOKED_set_revocationDate(X509_REVOKED *revoked, const ASN1_TIME *tm)
199 {
200 ASN1_TIME *in;
201
202 if (revoked == NULL)
203 return (0);
204 in = revoked->revocationDate;
205 if (in != tm) {
206 in = ASN1_STRING_dup(tm);
207 if (in != NULL) {
208 ASN1_TIME_free(revoked->revocationDate);
209 revoked->revocationDate = in;
210 }
211 }
212 return (in != NULL);
213 }
214
X509_REVOKED_get0_serialNumber(const X509_REVOKED * revoked)215 const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *revoked)
216 {
217 return revoked->serialNumber;
218 }
219
X509_REVOKED_set_serialNumber(X509_REVOKED * revoked,const ASN1_INTEGER * serial)220 int X509_REVOKED_set_serialNumber(X509_REVOKED *revoked,
221 const ASN1_INTEGER *serial)
222 {
223 ASN1_INTEGER *in;
224
225 if (revoked == NULL)
226 return (0);
227 in = revoked->serialNumber;
228 if (in != serial) {
229 in = ASN1_INTEGER_dup(serial);
230 if (in != NULL) {
231 ASN1_INTEGER_free(revoked->serialNumber);
232 revoked->serialNumber = in;
233 }
234 }
235 return (in != NULL);
236 }
237
STACK_OF(X509_EXTENSION)238 const STACK_OF(X509_EXTENSION) *
239 X509_REVOKED_get0_extensions(const X509_REVOKED *r)
240 {
241 return r->extensions;
242 }
243
i2d_re_X509_CRL_tbs(X509_CRL * crl,unsigned char ** outp)244 int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp)
245 {
246 crl->crl->enc.modified = 1;
247 return i2d_X509_CRL_INFO(crl->crl, outp);
248 }
249
i2d_X509_CRL_tbs(X509_CRL * crl,unsigned char ** outp)250 int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp)
251 {
252 return i2d_X509_CRL_INFO(crl->crl, outp);
253 }
254
X509_CRL_set1_signature_algo(X509_CRL * crl,const X509_ALGOR * algo)255 int X509_CRL_set1_signature_algo(X509_CRL *crl, const X509_ALGOR *algo)
256 {
257 /* TODO(davidben): Const-correct generated ASN.1 dup functions.
258 * Alternatively, when the types are hidden and we can embed required fields
259 * directly in structs, import |X509_ALGOR_copy| from upstream. */
260 X509_ALGOR *copy1 = X509_ALGOR_dup((X509_ALGOR *)algo);
261 X509_ALGOR *copy2 = X509_ALGOR_dup((X509_ALGOR *)algo);
262 if (copy1 == NULL || copy2 == NULL) {
263 X509_ALGOR_free(copy1);
264 X509_ALGOR_free(copy2);
265 return 0;
266 }
267
268 X509_ALGOR_free(crl->sig_alg);
269 crl->sig_alg = copy1;
270 X509_ALGOR_free(crl->crl->sig_alg);
271 crl->crl->sig_alg = copy2;
272 return 1;
273 }
274
X509_CRL_set1_signature_value(X509_CRL * crl,const uint8_t * sig,size_t sig_len)275 int X509_CRL_set1_signature_value(X509_CRL *crl, const uint8_t *sig,
276 size_t sig_len)
277 {
278 if (!ASN1_STRING_set(crl->signature, sig, sig_len)) {
279 return 0;
280 }
281 crl->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
282 crl->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
283 return 1;
284 }
285