Exemple #1
0
int
X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
{
	int ret = 0;
	BIO *in = NULL;
	int i, count = 0;
	X509_CRL *x = NULL;

	if (file == NULL)
		return (1);
	in = BIO_new(BIO_s_file_internal());

	if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
		X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB);
		goto err;
	}

	if (type == X509_FILETYPE_PEM) {
		for (;;) {
			x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
			if (x == NULL) {
				if ((ERR_GET_REASON(ERR_peek_last_error()) ==
				    PEM_R_NO_START_LINE) && (count > 0)) {
					ERR_clear_error();
					break;
				} else {
					X509err(X509_F_X509_LOAD_CRL_FILE,
					    ERR_R_PEM_LIB);
					goto err;
				}
			}
			i = X509_STORE_add_crl(ctx->store_ctx, x);
			if (!i)
				goto err;
			count++;
			X509_CRL_free(x);
			x = NULL;
		}
		ret = count;
	} else if (type == X509_FILETYPE_ASN1) {
		x = d2i_X509_CRL_bio(in, NULL);
		if (x == NULL) {
			X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB);
			goto err;
		}
		i = X509_STORE_add_crl(ctx->store_ctx, x);
		if (!i)
			goto err;
		ret = i;
	} else {
		X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
		goto err;
	}
err:
	if (x != NULL)
		X509_CRL_free(x);
	if (in != NULL)
		BIO_free(in);
	return (ret);
}
Exemple #2
0
void pki_crl::fload(const QString fname)
{
	FILE *fp = fopen(QString2filename(fname), "r");
	X509_CRL *_crl;
	if (fp != NULL) {
		_crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL);
		if (!_crl) {
			pki_ign_openssl_error();
			rewind(fp);
			_crl = d2i_X509_CRL_fp(fp, NULL);
		}
		fclose(fp);
		if (pki_ign_openssl_error()) {
			if (_crl)
				X509_CRL_free(_crl);
			throw errorEx(tr("Unable to load the revokation list in file %1. Tried PEM and DER formatted CRL.").arg(fname));
		}
		if (crl)
			X509_CRL_free(crl);
		crl = _crl;
		setIntName(rmslashdot(fname));
		pki_openssl_error();
	} else
		fopen_error(fname);
}
Exemple #3
0
static int
tls_sc_add_crl(lua_State *L) {

  tls_sc_t *ctx = getSC(L);
  X509_CRL *x509;
  BIO *bio;

  bio = _lua_load_bio(L, -1);
  if (!bio) {
    lua_pushboolean(L, 0);
    return 1;
  }

  x509 = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL);
  if (x509 == NULL) {
    BIO_free(bio);
    lua_pushboolean(L, 0);
    return 1;
  }

  X509_STORE_add_crl(ctx->ca_store, x509);
  X509_STORE_set_flags(ctx->ca_store,
                       X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);

  BIO_free(bio);
  X509_CRL_free(x509);

  lua_pushboolean(L, 1);
  return 1;
}
Exemple #4
0
extern "C" void CryptoNative_X509CrlDestroy(X509_CRL* a)
{
    if (a != nullptr)
    {
        X509_CRL_free(a);
    }
}
Exemple #5
0
/*
 * X.509 CRL decoder.
 */
static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name,
                                           const char *pem_header,
                                           const unsigned char *blob,
                                           size_t len, void **pctx,
                                           int *matchcount,
                                           const UI_METHOD *ui_method,
                                           void *ui_data)
{
    OSSL_STORE_INFO *store_info = NULL;
    X509_CRL *crl = NULL;

    if (pem_name != NULL) {
        if (strcmp(pem_name, PEM_STRING_X509_CRL) != 0)
            /* No match */
            return NULL;
        *matchcount = 1;
    }

    if ((crl = d2i_X509_CRL(NULL, &blob, len)) != NULL) {
        *matchcount = 1;
        store_info = OSSL_STORE_INFO_new_CRL(crl);
    }

    if (store_info == NULL)
        X509_CRL_free(crl);

    return store_info;
}
Exemple #6
0
void X509_INFO_free(X509_INFO *x)
	{
	int i;

	if (x == NULL) return;

	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
#ifdef REF_PRINT
	REF_PRINT("X509_INFO",x);
#endif
	if (i > 0) return;
#ifdef REF_CHECK
	if (i < 0)
		{
		fprintf(stderr,"X509_INFO_free, bad reference count\n");
		abort();
		}
#endif

	if (x->x509 != NULL) X509_free(x->x509);
	if (x->crl != NULL) X509_CRL_free(x->crl);
	if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
	if (x->enc_data != NULL) OPENSSL_free(x->enc_data);
	OPENSSL_free(x);
	}
Exemple #7
0
int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
{
    int i;
    STACK_OF(X509_CRL) **sk;

    i = OBJ_obj2nid(p7->type);
    switch (i) {
    case NID_pkcs7_signed:
        sk = &(p7->d.sign->crl);
        break;
    case NID_pkcs7_signedAndEnveloped:
        sk = &(p7->d.signed_and_enveloped->crl);
        break;
    default:
        PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
        return (0);
    }

    if (*sk == NULL)
        *sk = sk_X509_CRL_new_null();
    if (*sk == NULL) {
        PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
        return 0;
    }

    X509_CRL_up_ref(crl);
    if (!sk_X509_CRL_push(*sk, crl)) {
        X509_CRL_free(crl);
        return 0;
    }
    return (1);
}
Exemple #8
0
/*
 * openssl crl -in ca.crl -text
 */
void show_crl(char * ca_name)
{
    X509_CRL * crl ;
    X509_REVOKED * rev ;
    int i, total ;
    STACK_OF(X509_REVOKED) * rev_list ;
    BIO * out ;

    if ((crl = load_crl(ca_name))==NULL) {
        printf("No CRL found\n");
        return ;
    }
    rev_list = X509_CRL_get_REVOKED(crl);
    total = sk_X509_REVOKED_num(rev_list);

    out = BIO_new(BIO_s_file());
    out = BIO_new_fp(stdout, BIO_NOCLOSE);

    BIO_printf(out, "-- Revoked certificates found in CRL\n");
    for (i=0 ; i<total ; i++) {
        rev=sk_X509_REVOKED_value(rev_list, i);
        BIO_printf(out, "serial: ");
        i2a_ASN1_INTEGER(out, rev->serialNumber);
        BIO_printf(out, "\n  date: ");
        ASN1_TIME_print(out, rev->revocationDate);
        BIO_printf(out, "\n\n");
    }
    X509_CRL_free(crl);
    BIO_free_all(out);
    return ;
}
Exemple #9
0
extern "C" void X509CrlDestroy(X509_CRL* a)
{
    if (a != nullptr)
    {
        X509_CRL_free(a);
    }
}
Exemple #10
0
void
STORE_OBJECT_free(STORE_OBJECT *data)
{
	if (!data)
		return;
	switch (data->type) {
	case STORE_OBJECT_TYPE_X509_CERTIFICATE:
		X509_free(data->data.x509.certificate);
		break;
	case STORE_OBJECT_TYPE_X509_CRL:
		X509_CRL_free(data->data.crl);
		break;
	case STORE_OBJECT_TYPE_PRIVATE_KEY:
	case STORE_OBJECT_TYPE_PUBLIC_KEY:
		EVP_PKEY_free(data->data.key);
		break;
	case STORE_OBJECT_TYPE_NUMBER:
		BN_free(data->data.number);
		break;
	case STORE_OBJECT_TYPE_ARBITRARY:
		BUF_MEM_free(data->data.arbitrary);
		break;
	}
	free(data);
}
Exemple #11
0
void pki_crl::d2i(QByteArray &ba)
{
	X509_CRL *c = (X509_CRL*)d2i_bytearray(D2I_VOID(d2i_X509_CRL), ba);
	if (c) {
		X509_CRL_free(crl);
		crl = c;
	}
}
Exemple #12
0
static LUA_FUNCTION(openssl_crl_free)
{
  X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  lua_pushnil(L);
  lua_setmetatable(L, 1);
  X509_CRL_free(crl);
  return 0;
}
Exemple #13
0
      void erase()
      {
	if (crl_)
	  {
	    X509_CRL_free(crl_);
	    crl_ = NULL;
	  }
      }
Exemple #14
0
void pki_crl::fromPEM_BIO(BIO *bio, QString name)
{
	X509_CRL*_crl;
	_crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL);
	openssl_error(name);
	X509_CRL_free(crl);
	crl = _crl;
	setIntName(rmslashdot(name));
}
Exemple #15
0
int PKI_X509_CRL_free ( PKI_X509_CRL * x ) {

  if( !x ) return (PKI_ERR);

  if( x->value ) X509_CRL_free ((X509_CRL *) x->value );

  PKI_Free ( x );

  return( PKI_OK );
}
Exemple #16
0
DWORD
VMCACrlFree(
    X509_CRL *pCrl
    )
{
    DWORD dwError = 0;
    if(pCrl != NULL) {
        X509_CRL_free(pCrl);
    }
    return dwError;
}
void X509_OBJECT_free_contents(X509_OBJECT *a)
{
    switch (a->type) {
    case X509_LU_X509:
        X509_free(a->data.x509);
        break;
    case X509_LU_CRL:
        X509_CRL_free(a->data.crl);
        break;
    }
}
static VALUE
ossl_pkcs7_set_crls(VALUE self, VALUE ary)
{
    STACK_OF(X509_CRL) *crls;
    X509_CRL *crl;

    crls = pkcs7_get_crls(self);
    while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
    rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);

    return ary;
}
Exemple #19
0
static
DWORD
VMCAPEMToX509Crl(
    PSTR        pCrl,
    X509_CRL**  ppX509Crl
    )
{
    DWORD   dwError = 0;
    BIO*    pBioMem = NULL;
    X509_CRL *pX509Crl = NULL;

    if (!pCrl || !ppX509Crl)
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_ERROR(dwError);
    }

    pBioMem = BIO_new_mem_buf((PVOID) pCrl, -1);
    if ( pBioMem == NULL)
    {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_ERROR(dwError);
    }

    pX509Crl  = PEM_read_bio_X509_CRL(pBioMem, NULL, NULL, NULL);
    if (pX509Crl  == NULL)
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_ERROR(dwError);
    }

    *ppX509Crl = pX509Crl;

cleanup :

    if (pBioMem)
    {
        BIO_free(pBioMem);
    }

    return dwError;

error :

    *ppX509Crl = NULL;

    if (pX509Crl != NULL)
    {
       X509_CRL_free(pX509Crl);
    }

    goto cleanup;
}
Exemple #20
0
static void cleanup(X509_OBJECT *a)
{
	if (a->type == X509_LU_X509) {
		X509_free(a->data.x509);
	} else if (a->type == X509_LU_CRL) {
		X509_CRL_free(a->data.crl);
	} else {
		/* abort(); */
	}

	free(a);
}
Exemple #21
0
void X509_OBJECT_free_contents(X509_OBJECT *a)
	{
	switch (a->type)
		{
	case X509_LU_X509:
		X509_free(a->data.x509);
		break;
#ifndef OPERA_SMALL_VERSION
	case X509_LU_CRL:
		X509_CRL_free(a->data.crl);
		break;
#endif
		}
	}
Exemple #22
0
void Crl::Load()
{
	if(!download.Get(url.c_str(), path.c_str()))
	{
		pf_log[W_INFO] << "CRL download failed";
		throw DownloadFailed();
	}
	pf_log[W_INFO] << "Loading CRL file : \"" << path << "\".";

	if(crl)
	{
		X509_CRL_free(crl);
		crl = NULL;
	}

	// TODO: simplify-me with openssl's BIO
	FILE* f = fopen(path.c_str(), "r");
	if(!f)
		throw BadCRL(std::string(strerror(errno)));

	if(fseek(f, 0, SEEK_END))
		throw BadCRL(std::string(strerror(errno)));

	size_t file_size = ftell(f);
	rewind(f);

	char buf[file_size];
	if(fread(buf, file_size, 1, f) <= 0)
	{
		fclose(f);
		throw BadCRL(std::string(strerror(errno)));
	}

	if(file_size > INT_MAX)
		throw BadCRL(std::string("File is too big"));

	BIO* raw_crl = BIO_new_mem_buf(buf, (int)file_size);
	crl = PEM_read_bio_X509_CRL(raw_crl, NULL, NULL, NULL);
	BIO_free(raw_crl);

	if(!crl)
	{
		std::string str = std::string(ERR_error_string( ERR_get_error(), NULL));
		throw BadCRL(str);
	}

	char* str = X509_NAME_oneline (X509_CRL_get_issuer (crl), 0, 0);
	pf_log[W_INFO] << "CRL issued by: " << str;
}
Exemple #23
0
void X509_OBJECT_free_contents(X509_OBJECT *a)
{
    if (!a)
        return;
    switch (a->type) {
    default:
        break;
    case X509_LU_X509:
        X509_free(a->data.x509);
        break;
    case X509_LU_CRL:
        X509_CRL_free(a->data.crl);
        break;
    }
}
Exemple #24
0
static void cleanup(X509_OBJECT *a)
{
    if (a == NULL) {
        return;
    }
    if (a->type == X509_LU_X509) {
        X509_free(a->data.x509);
    } else if (a->type == X509_LU_CRL) {
        X509_CRL_free(a->data.crl);
    } else {
        /* abort(); */
    }

    OPENSSL_free(a);
}
Exemple #25
0
void X509_OBJECT_free(X509_OBJECT *a)
{
    if (a == NULL)
        return;
    switch (a->type) {
    default:
        break;
    case X509_LU_X509:
        X509_free(a->data.x509);
        break;
    case X509_LU_CRL:
        X509_CRL_free(a->data.crl);
        break;
    }
    OPENSSL_free(a);
}
static void cleanup(X509_OBJECT *a)
	{
	if (a->type == X509_LU_X509)
		{
		X509_free(a->data.x509);
		}
	else if (a->type == X509_LU_CRL)
		{
		X509_CRL_free(a->data.crl);
		}
	else
		{
		/* TINYCLR_SSL_ABORT(); */
		}

	OPENSSL_free(a);
	}
static VALUE
ossl_x509crl_copy(VALUE self, VALUE other)
{
    X509_CRL *a, *b, *crl;
	
    rb_check_frozen(self);
    if (self == other) return self;
    GetX509CRL(self, a);
    SafeGetX509CRL(other, b);
    if (!(crl = X509_CRL_dup(b))) {
	ossl_raise(eX509CRLError, NULL);
    }
    X509_CRL_free(a);
    DATA_PTR(self) = crl;

    return self;
}
Exemple #28
0
static void cleanup(X509_OBJECT *a)
	{
	if (a->type == X509_LU_X509)
		{
		X509_free(a->data.x509);
		}
#ifndef OPERA_SMALL_VERSION
	else if (a->type == X509_LU_CRL)
		{
		X509_CRL_free(a->data.crl);
		}
#endif
	else
		{
		/* abort(); */
		}

	OPENSSL_free(a);
	}
Exemple #29
0
void
X509_INFO_free(X509_INFO *x)
{
	int i;

	if (x == NULL)
		return;

	i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO);
	if (i > 0)
		return;

	if (x->x509 != NULL)
		X509_free(x->x509);
	if (x->crl != NULL)
		X509_CRL_free(x->crl);
	if (x->x_pkey != NULL)
		X509_PKEY_free(x->x_pkey);
	free(x->enc_data);
	free(x);
}
Exemple #30
0
static void crl_reloader_free(X509_LOOKUP *ctx)
{
   int cnt;
   TLS_CRL_Reload_Context *data;

   if (ctx->method_data) {
      data = (TLS_CRL_Reload_Context *)ctx->method_data;

      if (data->crl_file_name) {
         free(data->crl_file_name);
      }

      for (cnt = 0; cnt < MAX_CRLS; cnt++) {
         if (data->crls[cnt]) {
            X509_CRL_free(data->crls[cnt]);
         }
      }

      free(data);
      ctx->method_data = NULL;
   }
}