/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
int idx;
switch (operation) {
+ case ASN1_OP_D2I_PRE:
+ if (crl->meth->crl_free) {
+ if (!crl->meth->crl_free(crl))
+ return 0;
+ }
+ AUTHORITY_KEYID_free(crl->akid);
+ ISSUING_DIST_POINT_free(crl->idp);
+ ASN1_INTEGER_free(crl->crl_number);
+ ASN1_INTEGER_free(crl->base_crl_number);
+ sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+ /* fall thru */
+
case ASN1_OP_NEW_POST:
crl->idp = NULL;
crl->akid = NULL;
if ((nid == NID_issuing_distribution_point)
|| (nid == NID_authority_key_identifier)
|| (nid == NID_delta_crl))
- break;;
+ continue;
crl->flags |= EXFLAG_CRITICAL;
break;
}
if (crl->meth->crl_init(crl) == 0)
return 0;
}
+
+ crl->flags |= EXFLAG_SET;
break;
case ASN1_OP_FREE_POST:
int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
{
X509_CRL_INFO *inf;
+
inf = &crl->crl;
if (inf->revoked == NULL)
inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
X509_NAME *issuer)
{
X509_REVOKED rtmp, *rev;
- int idx;
- rtmp.serialNumber = *serial;
+ int idx, num;
+
+ if (crl->crl.revoked == NULL)
+ return 0;
+
/*
* Sort revoked into serial number order if not already sorted. Do this
* under a lock to avoid race condition.
sk_X509_REVOKED_sort(crl->crl.revoked);
CRYPTO_THREAD_unlock(crl->lock);
}
+ rtmp.serialNumber = *serial;
idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp);
if (idx < 0)
return 0;
/* Need to look for matching name */
- for (; idx < sk_X509_REVOKED_num(crl->crl.revoked); idx++) {
+ for (num = sk_X509_REVOKED_num(crl->crl.revoked); idx < num; idx++) {
rev = sk_X509_REVOKED_value(crl->crl.revoked, idx);
if (ASN1_INTEGER_cmp(&rev->serialNumber, serial))
return 0;
int (*crl_verify) (X509_CRL *crl,
EVP_PKEY *pk))
{
- X509_CRL_METHOD *m;
- m = OPENSSL_malloc(sizeof(*m));
- if (m == NULL)
+ X509_CRL_METHOD *m = OPENSSL_malloc(sizeof(*m));
+
+ if (m == NULL) {
+ X509err(X509_F_X509_CRL_METHOD_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
+ }
m->crl_init = crl_init;
m->crl_free = crl_free;
m->crl_lookup = crl_lookup;
void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
{
- if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
+ if (m == NULL || !(m->flags & X509_CRL_METHOD_DYNAMIC))
return;
OPENSSL_free(m);
}