- {
- STACK_OF(X509_CRL) *crls = NULL;
- STACK_OF(CMS_RevocationInfoChoice) **pcrls;
- CMS_RevocationInfoChoice *rch;
- int i;
- pcrls = cms_get0_revocation_choices(cms);
- if (!pcrls)
- return NULL;
- for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++)
- {
- rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
- if (rch->type == 0)
- {
- if (!crls)
- {
- crls = sk_X509_CRL_new_null();
- if (!crls)
- return NULL;
- }
- if (!sk_X509_CRL_push(crls, rch->d.crl))
- {
- sk_X509_CRL_pop_free(crls, X509_CRL_free);
- return NULL;
- }
- CRYPTO_add(&rch->d.crl->references,
- 1, CRYPTO_LOCK_X509_CRL);
- }
- }
- return crls;
- }
+{
+ STACK_OF(X509_CRL) *crls = NULL;
+ STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+ CMS_RevocationInfoChoice *rch;
+ int i;
+ pcrls = cms_get0_revocation_choices(cms);
+ if (!pcrls)
+ return NULL;
+ for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
+ rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
+ if (rch->type == 0) {
+ if (!crls) {
+ crls = sk_X509_CRL_new_null();
+ if (!crls)
+ return NULL;
+ }
+ if (!sk_X509_CRL_push(crls, rch->d.crl)) {
+ sk_X509_CRL_pop_free(crls, X509_CRL_free);
+ return NULL;
+ }
+ X509_CRL_up_ref(rch->d.crl);
+ }
+ }
+ return crls;
+}
+
+int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
+{
+ int ret;
+ ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
+ if (ret)
+ return ret;
+ return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
+}
+
+int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
+{
+ const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
+
+ if (cert_keyid == NULL)
+ return -1;
+ return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
+}
+
+int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
+{
+ CMS_IssuerAndSerialNumber *ias;
+ ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
+ if (!ias)
+ goto err;
+ if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
+ goto err;
+ if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
+ goto err;
+ M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
+ *pias = ias;
+ return 1;
+ err:
+ M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
+ CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
+ return 0;
+}
+
+int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
+{
+ ASN1_OCTET_STRING *keyid = NULL;
+ const ASN1_OCTET_STRING *cert_keyid;
+ cert_keyid = X509_get0_subject_key_id(cert);
+ if (cert_keyid == NULL) {
+ CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
+ return 0;
+ }
+ keyid = ASN1_STRING_dup(cert_keyid);
+ if (!keyid) {
+ CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ASN1_OCTET_STRING_free(*pkeyid);
+ *pkeyid = keyid;
+ return 1;
+}