static LUA_FUNCTION(openssl_crl_cmp)
{
X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
X509_CRL *oth = CHECK_OBJECT(2, X509_CRL, "openssl.x509_crl");
int ret = X509_CRL_cmp(crl, oth);
lua_pushboolean(L, ret == 0);
return 1;
}
static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
{
int ret;
ret=((*a)->type - (*b)->type);
if (ret) return ret;
switch ((*a)->type) {
case X509_LU_X509:
ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
break;
case X509_LU_CRL:
ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
break;
default:
/* abort(); */
return 0;
}
return ret;
}
static int test_crl_reparse(const uint8_t *der_bytes, size_t der_len) {
CBS pkcs7;
CBB cbb;
STACK_OF(X509_CRL) *crls = sk_X509_CRL_new_null();
STACK_OF(X509_CRL) *crls2 = sk_X509_CRL_new_null();
uint8_t *result_data, *result2_data;
size_t result_len, result2_len, i;
CBS_init(&pkcs7, der_bytes, der_len);
if (!PKCS7_get_CRLs(crls, &pkcs7)) {
fprintf(stderr, "PKCS7_get_CRLs failed.\n");
return 0;
}
CBB_init(&cbb, der_len);
if (!PKCS7_bundle_CRLs(&cbb, crls) ||
!CBB_finish(&cbb, &result_data, &result_len)) {
fprintf(stderr, "PKCS7_bundle_CRLs failed.\n");
return 0;
}
CBS_init(&pkcs7, result_data, result_len);
if (!PKCS7_get_CRLs(crls2, &pkcs7)) {
fprintf(stderr, "PKCS7_get_CRLs reparse failed.\n");
return 0;
}
if (sk_X509_CRL_num(crls) != sk_X509_CRL_num(crls)) {
fprintf(stderr, "Number of CRLs in results differ.\n");
return 0;
}
for (i = 0; i < sk_X509_CRL_num(crls); i++) {
X509_CRL *a = sk_X509_CRL_value(crls, i);
X509_CRL *b = sk_X509_CRL_value(crls2, i);
if (X509_CRL_cmp(a, b) != 0) {
fprintf(stderr, "CRL %u differs.\n", (unsigned) i);
return 0;
}
}
CBB_init(&cbb, der_len);
if (!PKCS7_bundle_CRLs(&cbb, crls2) ||
!CBB_finish(&cbb, &result2_data, &result2_len)) {
fprintf(stderr,
"PKCS7_bundle_CRLs failed the second time.\n");
return 0;
}
if (result_len != result2_len ||
memcmp(result_data, result2_data, result_len) != 0) {
fprintf(stderr, "Serialisation is not stable.\n");
return 0;
}
OPENSSL_free(result_data);
OPENSSL_free(result2_data);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
sk_X509_CRL_pop_free(crls2, X509_CRL_free);
return 1;
}