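/*
 * Verifies that a certificate serial number is not already listed in a CRL.
 *
 * asnSerial  serial number to look for; passed to OpenSSL unchecked, so the
 *            caller must supply a non-NULL value.
 * pCrl       CRL to search; same non-NULL requirement.
 *
 * Returns 0 when the CRL holds no entry for the serial, and
 * VMCA_CRL_CERT_ALREADY_REVOKED when it does.
 */
DWORD
VMCACheckNotAlreadyRevoked_Serial(
    ASN1_INTEGER *asnSerial,
    X509_CRL *pCrl
    )
{
    DWORD dwError = 0;
    X509_REVOKED *rev = NULL;
    int nLookup = 0;

    /*
     * X509_CRL_get0_by_serial() returns 0 when the serial is absent, 1 when
     * an entry exists, and 2 when the entry carries the removeFromCRL reason.
     * The result is kept in its own variable so an OpenSSL status value is
     * never handed back to the caller as if it were a VMCA error code.
     */
    nLookup = X509_CRL_get0_by_serial(pCrl, &rev, asnSerial);

    /*
     * Any non-zero result means the CRL already contains an entry for this
     * serial, so both 1 and 2 are reported as "already revoked".
     */
    if (nLookup != 0)
    {
        dwError = VMCA_CRL_CERT_ALREADY_REVOKED;
        BAIL_ON_ERROR(dwError);
    }

error :
    /*
     * rev is a borrowed pointer into pCrl (a "get0" accessor); it is released
     * together with the CRL and must not be freed here.
     */
    return dwError;
}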
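/*
 * Looks up the revocation entry for a serial number inside a CRL.
 *
 * x  CRL to search. It is cast directly to X509_CRL *, as the original code
 *    did -- NOTE(review): confirm PKI_X509_CRL really is the OpenSSL type
 *    here and not a wrapper structure.
 * s  serial number to look for.
 *
 * Returns a pointer to the matching entry, owned by the CRL (do not free),
 * or NULL when either argument is NULL, the CRL has no revoked entries, or
 * the serial is not listed.
 *
 * A NULL result is what callers will read as "not revoked", so every path
 * that finds a match has to hand the entry back: a lookup that loses its
 * result makes revocation checking fail open.
 */
const PKI_X509_CRL_ENTRY * PKI_X509_CRL_lookup(const PKI_X509_CRL *x,
                                               const PKI_INTEGER  *s ) {

	const STACK_OF(X509_REVOKED) * r_sk = NULL;
	const PKI_X509_CRL_ENTRY *found = NULL;
	X509_CRL *crl = NULL;

	// Input Checks
	if (!x || !s) return NULL;

	// The CRL pointer must be set before the first OpenSSL call; fetching
	// the revoked stack through a still-NULL pointer dereferences NULL.
	crl = (X509_CRL *) x;

	// Gets the revoked stack (NULL means the CRL has no entries)
	if ((r_sk = X509_CRL_get_REVOKED(crl)) == NULL) return NULL;

	// Nothing to search in an empty stack
	if (sk_X509_REVOKED_num(r_sk) <= 0) return NULL;

#if OPENSSL_VERSION_NUMBER >= 0x1010000fL

	PKI_X509_CRL_ENTRY *entry = NULL;

	// Returns 0 when the serial is absent; 1 or 2 when an entry exists
	// (2 marks an entry whose reason is removeFromCRL, which is still
	// returned so the caller can inspect its reason code).
	if (X509_CRL_get0_by_serial(crl, &entry, (PKI_INTEGER *)s) != 0) {
		found = entry;
	}

#else

	int idx = 0;
	int count = sk_X509_REVOKED_num(r_sk);

	for (idx = 0; idx < count; idx++) {

		const PKI_X509_CRL_ENTRY *candidate = NULL;
		const PKI_INTEGER *s_pnt = NULL;

		// Gets the X509_REVOKED entry
		if ((candidate = sk_X509_REVOKED_value(r_sk, idx)) == NULL) continue;

		// Pointer to the SN in the X509_REVOKED struct
		if ((s_pnt = candidate->serialNumber) == NULL) continue;

		// Checks the value against the requested serial
		if (ASN1_INTEGER_cmp(s_pnt, s) == 0) {
			// Recorded only on a real match, so a miss returns NULL
			// rather than whichever entry was inspected last.
			found = candidate;
			break;
		}
	}

#endif

	return found;
}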