DWORD
VMCACheckNotAlreadyRevoked_Serial(
ASN1_INTEGER *asnSerial,
X509_CRL *pCrl
)
{
DWORD dwError = 0;
X509_REVOKED *rev = NULL;
dwError = X509_CRL_get0_by_serial(pCrl, &rev, asnSerial);
if( dwError == 1 ){
dwError = VMCA_CRL_CERT_ALREADY_REVOKED;
BAIL_ON_ERROR(dwError);
}
error :
// Freeing pCrl should free rev
// if(rev != NULL){
// X509_REVOKED_free(rev);
// }
return dwError;
}
const PKI_X509_CRL_ENTRY * PKI_X509_CRL_lookup(const PKI_X509_CRL *x,
const PKI_INTEGER *s ) {
long long end = 0;
const STACK_OF(X509_REVOKED) * r_sk = NULL;
X509_CRL *crl = NULL;
// Input Checks
if (!x || !s) return (NULL);
// Gets the revoked stack
if ((r_sk = X509_CRL_get_REVOKED(crl)) == NULL) {
// No Entries in the CRL
return NULL;
}
/* Set the end point to the last one */
if ((end = (long long) sk_X509_REVOKED_num(r_sk) - 1) < 0)
return NULL;
// Gets a casted pointer
crl = (X509_CRL *) x;
/* Look for serial number of certificate in CRL */
// rtmp.serialNumber = (ASN1_INTEGER *) serial;
// ok = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
PKI_X509_CRL_ENTRY *r = NULL;
// Gets the reference in r
X509_CRL_get0_by_serial(crl, &r, (PKI_INTEGER *)s);
#else
long long curr = 0;
long long cmp_val = 0;
const PKI_X509_CRL_ENTRY *r = NULL;
for( curr = 0 ; curr <= end ; curr++ ) {
const PKI_X509_CRL_ENTRY *r = NULL;
const PKI_INTEGER * s_pnt;
// Pointer to the SN in the X509_REVOKED struct
// Gets the X509_REVOKED entry
if ((r = sk_X509_REVOKED_value( r_sk, (int) curr )) != NULL) {
// # if OPENSSL_VERSION_NUMBER >= 0x1010000fL
// // Gets the Serial Number
// if ((s_pnt = X509_REVOKED_get0_serialNumber(r)) != NULL) {
// // Checks the value against the CRL
// if ((cmp_val = ASN1_INTEGER_cmp(s_pnt, s)) == 0) {
// // Found
// break;
// }
// }
// # else
if ((s_pnt = r->serialNumber) != NULL) {
// Checks the value against the CRL
if ((cmp_val = ASN1_INTEGER_cmp(s_pnt, s)) == 0) {
// Found
break;
}
}
// # endif
}
}
#endif
return r;
}
