/*
 * Default CRL lookup: search the revoked list of `crl` for an entry whose
 * serial number equals `serial` and whose issuer matches `issuer`.
 *
 * Returns:
 *   0  no matching entry was found
 *   1  a matching entry was found
 *   2  a matching entry was found and its reason is
 *      CRL_REASON_REMOVE_FROM_CRL
 *
 * On a match (1 or 2) the entry is stored in *ret when `ret` is non-NULL.
 * Callers have to distinguish 1 from 2 themselves; this function only
 * reports which case applies.
 *
 * `serial` is dereferenced unconditionally, so it must not be NULL.
 */
static int def_crl_lookup(X509_CRL *crl,
                          X509_REVOKED **ret, ASN1_INTEGER *serial,
                          X509_NAME *issuer)
{
    X509_REVOKED key;
    X509_REVOKED *entry;
    int pos;

    /* Only the serial number of the search key is initialised. */
    key.serialNumber = *serial;

    /*
     * The list must be in serial number order before it is searched.
     * The sort itself is done under the CRL write lock so that two
     * threads do not sort concurrently.
     *
     * NOTE(review): the is_sorted test above the lock and the find below
     * it both run without holding the lock - confirm this is safe against
     * a concurrent sort with the stack implementation in use.
     */
    if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) {
        CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
        sk_X509_REVOKED_sort(crl->crl.revoked);
        CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
    }

    pos = sk_X509_REVOKED_find(crl->crl.revoked, &key);
    if (pos < 0)
        return 0;

    /*
     * Several entries may carry the same serial number, so walk forward
     * from the hit and stop at the first entry whose serial differs.
     */
    while (pos < sk_X509_REVOKED_num(crl->crl.revoked)) {
        entry = sk_X509_REVOKED_value(crl->crl.revoked, pos);

        if (ASN1_INTEGER_cmp(&entry->serialNumber, serial) != 0)
            return 0;

        if (crl_revoked_issuer_match(crl, issuer, entry)) {
            if (ret != NULL)
                *ret = entry;
            return (entry->reason == CRL_REASON_REMOVE_FROM_CRL) ? 2 : 1;
        }

        pos++;
    }

    return 0;
}
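/*
 * Attach the revoked-entry list of `crl` to `ca` and sort it so that it can
 * be searched by serial number.
 *
 * ca->crl_list is set to the stack returned by X509_CRL_get_REVOKED() and
 * ca->entries_num to the number of entries in it (0 when the CRL carries no
 * revoked list).
 *
 * NOTE(review): the stack is stored as returned, not copied, so it
 * presumably stays owned by `crl` - confirm that `crl` outlives every use
 * of ca->crl_list.
 *
 * Returns the stored list. NULL is returned for invalid arguments and also
 * when the CRL has no revoked list, so the return value alone does not
 * distinguish "bad input" from "nothing revoked"; callers that need the
 * difference must validate their arguments first.
 */
STACK_OF(X509_REVOKED) *ocspd_build_crl_entries_list(CA_LIST_ENTRY *ca,
                                                    PKI_X509_CRL *crl)
{
	long rev_num = 0;
	long entries = 0;
	STACK_OF(X509_REVOKED) *ret = NULL;
	PKI_X509_CRL_VALUE *crl_val = NULL;

	if (!ca || !crl || !crl->value) {
		return NULL;
	}

	crl_val = crl->value;
	ret = X509_CRL_get_REVOKED(crl_val);
	rev_num = sk_X509_REVOKED_num(ret);

	/*
	 * The stack API reports -1 for a NULL stack (a CRL without a revoked
	 * list). Casting that straight to unsigned long would record a huge
	 * bogus entry count, so clamp it to zero before it is logged/stored.
	 */
	entries = (rev_num < 0) ? 0 : rev_num;

	/* Logged unconditionally; the verbose gate is disabled. */
	PKI_log( PKI_LOG_INFO, "INFO::CRL::%ld Entries [ %s ]",
			entries, ca->ca_id );

	ca->crl_list = ret;
	ca->entries_num = (unsigned long) entries;

	/*
	 * Defensive check kept from the original: a non-negative count with
	 * no list would be inconsistent. It uses the raw count on purpose so
	 * that an empty CRL is not reported as an allocation failure.
	 */
	if ((rev_num > -1) && (ca->crl_list == NULL)) {
		PKI_ERROR( PKI_ERR_MEMORY_ALLOC, NULL );
		return NULL;
	}

	sk_X509_REVOKED_sort(ca->crl_list);

	return (ca->crl_list);
}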
/*
 * Sort the revoked entries of a CRL and renumber them.
 *
 * The revoked list is sorted (so it will be written in serial number
 * order) and each entry's `sequence` field is then set to its index in the
 * sorted list.
 *
 * `c` is dereferenced unconditionally and must not be NULL.
 * Always returns 1.
 */
int X509_CRL_sort(X509_CRL *c)
{
    int pos = 0;

    sk_X509_REVOKED_sort(c->crl->revoked);

    /* Record each entry's position in the sorted order. */
    while (pos < sk_X509_REVOKED_num(c->crl->revoked)) {
        X509_REVOKED *entry = sk_X509_REVOKED_value(c->crl->revoked, pos);

        entry->sequence = pos;
        pos++;
    }

    return 1;
}