
CRL enhancements for revoked entries#9839

Open
padelsbach wants to merge 1 commit into wolfSSL:master from padelsbach:crl-enhancements-ossl

Conversation

@padelsbach (Contributor)

Description

Add/update CRL related features:

  • Allow for caller specified revocation date
  • Support for reason code and extensions in the CRL
  • Update functions from stubs to real implementations: wolfSSL_X509_CRL_get_REVOKED, wolfSSL_sk_X509_REVOKED_num, wolfSSL_sk_X509_REVOKED_value, wolfSSL_X509_REVOKED_get0_revocation_date

Fixes zd#

Testing

New unit tests

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation
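The reason-code extraction that the second bullet describes (reading the id-ce-cRLReasons entry extension and reporting -1 when it is absent, as the X509_REVOKED reason field does), as an added stand-alone C example rather than wolfSSL's own GetRevoked code: the DER sample entries are constructed here, and the parser assumes short-form DER lengths only, which is all crlEntryExtensions needs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read one short-form DER TLV at *pos; returns tag/content/length and advances *pos. */
static int read_tlv(const uint8_t *buf, size_t end, size_t *pos,
                    uint8_t *tag, const uint8_t **val, size_t *len)
{
    if (*pos + 2 > end || (buf[*pos + 1] & 0x80)) return 0; /* long-form length not needed here */
    *tag = buf[*pos]; *len = buf[*pos + 1]; *val = buf + *pos + 2;
    if (*pos + 2 + *len > end) return 0;
    *pos += 2 + *len;
    return 1;
}

/* Parse a DER crlEntryExtensions SEQUENCE and return its CRLReason value,
 * or -1 if the reasonCode extension is absent or the encoding is malformed. */
int crl_entry_reason(const uint8_t *der, size_t derLen)
{
    static const uint8_t oidReason[] = {0x55, 0x1D, 0x15}; /* id-ce-cRLReasons 2.5.29.21 */
    uint8_t tag; const uint8_t *seq, *ext, *v, *en; size_t seqLen, extLen, vLen, enLen, pos = 0, ePos;
    if (!read_tlv(der, derLen, &pos, &tag, &seq, &seqLen) || tag != 0x30) return -1;
    for (ePos = 0; ePos < seqLen; ) {
        size_t p = 0; int isReason;
        if (!read_tlv(seq, seqLen, &ePos, &tag, &ext, &extLen) || tag != 0x30) return -1;
        if (!read_tlv(ext, extLen, &p, &tag, &v, &vLen) || tag != 0x06) return -1;   /* extnID */
        isReason = (vLen == sizeof(oidReason) && memcmp(v, oidReason, vLen) == 0);
        if (!read_tlv(ext, extLen, &p, &tag, &v, &vLen)) return -1;
        if (tag == 0x01 && !read_tlv(ext, extLen, &p, &tag, &v, &vLen)) return -1; /* optional critical */
        if (tag != 0x04) return -1;                                                 /* extnValue */
        if (!isReason) continue;              /* other entry extensions are skipped, not rejected */
        p = 0;                                /* extnValue wraps an ENUMERATED CRLReason */
        if (!read_tlv(v, vLen, &p, &tag, &en, &enLen) || tag != 0x0A || enLen != 1) return -1;
        if (en[0] > 10 || en[0] == 7) return -1; /* RFC 5280 CRLReason: 0..10, value 7 is unused */
        return en[0];
    }
    return -1;
}

/* Constructed sample entries (not taken from the PR): */
const uint8_t kEntryKeyCompromise[] = { 0x30,0x0C, 0x30,0x0A, 0x06,0x03,0x55,0x1D,0x15,
                                        0x04,0x03, 0x0A,0x01,0x01 };                    /* reason 1 */
const uint8_t kEntryCriticalCessation[] = { 0x30,0x0F, 0x30,0x0D, 0x06,0x03,0x55,0x1D,0x15,
                                            0x01,0x01,0xFF, 0x04,0x03, 0x0A,0x01,0x05 }; /* reason 5 */
const uint8_t kEntryNoExtensions[] = { 0x30,0x00 };                                     /* absent */

int main(void)
{
    printf("keyCompromise entry -> %d\n", crl_entry_reason(kEntryKeyCompromise, sizeof kEntryKeyCompromise));
    printf("critical cessation  -> %d\n", crl_entry_reason(kEntryCriticalCessation, sizeof kEntryCriticalCessation));
    printf("no extensions       -> %d\n", crl_entry_reason(kEntryNoExtensions, sizeof kEntryNoExtensions));
    return 0;
}
```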

@padelsbach padelsbach force-pushed the crl-enhancements-ossl branch 2 times, most recently from 9369b17 to df73c7b on February 27, 2026 04:57
@padelsbach (Contributor, Author)

padelsbach commented Feb 27, 2026

jenkins retest this please

@padelsbach padelsbach force-pushed the crl-enhancements-ossl branch 2 times, most recently from 3dfb8cf to 4586ed3 on February 27, 2026 17:51
@cconlon cconlon requested a review from Copilot February 27, 2026 17:56
Copilot AI (Contributor) left a comment

Pull request overview

This PR enhances CRL (Certificate Revocation List) functionality by adding support for revocation dates, reason codes, and extensions in revoked certificate entries. The implementation converts previously stubbed functions into fully functional APIs for retrieving and managing CRL revoked entries.

Changes:

  • Added support for caller-specified revocation dates and CRL reason codes
  • Implemented wolfSSL_X509_CRL_get_REVOKED, wolfSSL_sk_X509_REVOKED_num, wolfSSL_sk_X509_REVOKED_value, and wolfSSL_X509_REVOKED_get0_revocation_date functions
  • Added parsing logic for CRL entry extensions including reason code extraction

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.

Summary per file:

  • wolfssl/wolfcrypt/asn.h: Added function declaration for parsing CRL reason codes and new fields to RevokedCert structure
  • wolfssl/ssl.h: Updated X509_REVOKED structure with new fields and changed function signatures to use WOLFSSL_STACK
  • wolfssl/openssl/x509v3.h: Added CRL reason code constant definitions per RFC 5280
  • wolfssl/openssl/ssl.h: Added macro definitions for new X509_REVOKED functions
  • wolfssl/internal.h: Added revokedStack cache field and X509_REVOKED stack type
  • wolfcrypt/src/asn.c: Implemented CRL reason code parsing and extension handling in GetRevoked
  • tests/api.c: Added comprehensive unit tests for CRL revoked entry functionality
  • src/x509.c: Implemented previously stubbed functions for CRL revoked entry access
  • src/ssl_sk.c: Added X509_REVOKED stack type handling
  • src/crl.c: Enhanced CRL add_revoked to support caller-specified dates and reason codes

Comments suppressed due to low confidence (3)

wolfcrypt/src/asn.c:1

  • The variable seqHdrSz is declared but never used meaningfully. Consider removing it along with its void cast, or implement the intended header size calculation if it was meant to be used.

tests/api.c:1

  • The comment 'Test X509_CRL_get_REVOKED and stack iteration' applies to a large block of code. Consider breaking this into smaller sub-sections with more specific comments for each test aspect (NULL checks, stack population verification, revocation date checks, etc.).


wolfssl/ssl.h Outdated
WOLFSSL_STACK* issuer; /* STACK_OF(GENERAL_NAME) for
* indirect CRL (currently NULL) */
int reason; /* CRL reason code, -1 if absent */
int sequence; /* original load order in CRL */

Copilot AI Feb 27, 2026


The sequence field documentation is missing its purpose. Consider adding a docstring explaining that this field tracks the original order of entries in the CRL for iteration purposes.

Suggested change
int sequence; /* original load order in CRL */
int sequence; /* tracks original order of entries
* in the CRL for iteration */

Contributor Author:

Done

@padelsbach padelsbach force-pushed the crl-enhancements-ossl branch 3 times, most recently from e3a1649 to cbb568a on February 27, 2026 21:35
@padelsbach padelsbach force-pushed the crl-enhancements-ossl branch from cbb568a to 75bbf50 on February 27, 2026 23:26
@padelsbach padelsbach marked this pull request as ready for review February 28, 2026 04:09
2 participants