X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=apps%2Fcrl.c;h=f1c49f3d641787d6c33912188862bab42424d617;hb=cf8d6c1000f7f3d91a1f3052556614f14f140e82;hp=c395b2afd5d45c2461b4e9fa5cc94cf7483de10a;hpb=ac786241a2607ea14cf29e3a0e4ad1aae672a8df;p=openssl.git

diff --git a/apps/crl.c b/apps/crl.c
index c395b2afd5..f1c49f3d64 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -81,6 +81,9 @@ static const char *crl_usage[]={
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -hash           - print hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -hash_old       - print old-style (MD5) hash value\n",
+#endif
 " -fingerprint    - print the crl fingerprint\n",
 " -issuer         - print issuer DN\n",
 " -lastupdate     - lastUpdate field\n",
@@ -93,7 +96,6 @@ static const char *crl_usage[]={
 NULL
 };
 
-static X509_CRL *load_crl(char *file, int format);
 static BIO *bio_out=NULL;
 
 int MAIN(int, char **);
@@ -103,11 +105,14 @@ int MAIN(int argc, char **argv)
 	unsigned long nmflag = 0;
 	X509_CRL *x=NULL;
 	char *CAfile = NULL, *CApath = NULL;
-	int ret=1,i,num,badops=0;
+	int ret=1,i,num,badops=0,badsig=0;
 	BIO *out=NULL;
-	int informat,outformat;
-	char *infile=NULL,*outfile=NULL;
+	int informat,outformat, keyformat;
+	char *infile=NULL,*outfile=NULL, *crldiff = NULL, *keyfile = NULL;
 	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+#ifndef OPENSSL_NO_MD5
+       int hash_old=0;
+#endif
 	int fingerprint = 0, crlnumber = 0;
 	const char **pp;
 	X509_STORE *store = NULL;
@@ -141,6 +146,7 @@ int MAIN(int argc, char **argv)
 
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
+	keyformat=FORMAT_PEM;
 
 	argc--;
 	argv++;
@@ -169,6 +175,21 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
+		else if (strcmp(*argv,"-gendelta") == 0)
+			{
+			if (--argc < 1) goto bad;
+			crldiff= *(++argv);
+			}
+		else if (strcmp(*argv,"-key") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keyfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keyformat=str2fmt(*(++argv));
+			}
 		else if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -192,6 +213,10 @@ int MAIN(int argc, char **argv)
 			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
+#ifndef OPENSSL_NO_MD5
+		else if (strcmp(*argv,"-hash_old") == 0)
+			hash_old= ++num;
+#endif
 		else if (strcmp(*argv,"-nameopt") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -209,6 +234,8 @@ int MAIN(int argc, char **argv)
 			fingerprint= ++num;
 		else if (strcmp(*argv,"-crlnumber") == 0)
 			crlnumber= ++num;
+		else if (strcmp(*argv,"-badsig") == 0)
+			badsig = 1;
 		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
 			{
 			/* ok */
@@ -276,6 +303,39 @@ bad:
 		else BIO_printf(bio_err, "verify OK\n");
 	}
 
+	if (crldiff)
+		{
+		X509_CRL *newcrl, *delta;
+		if (!keyfile)
+			{
+			BIO_puts(bio_err, "Missing CRL signing key\n");
+			goto end;
+			}
+		newcrl = load_crl(crldiff,informat);
+		if (!newcrl)
+			goto end;
+		pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL,
+					"CRL signing key");
+		if (!pkey)
+			{
+			X509_CRL_free(newcrl);
+			goto end;
+			}	
+		delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
+		X509_CRL_free(newcrl);
+		EVP_PKEY_free(pkey);
+		if (delta)
+			{
+			X509_CRL_free(x);
+			x = delta;
+			}
+		else
+			{
+			BIO_puts(bio_err, "Error creating delta CRL\n");
+			goto end;
+			}
+		}
+
 	if (num)
 		{
 		for (i=1; i<=num; i++)
@@ -304,6 +364,14 @@ bad:
 				BIO_printf(bio_out,"%08lx\n",
 					X509_NAME_hash(X509_CRL_get_issuer(x)));
 				}
+#ifndef OPENSSL_NO_MD5
+			if (hash_old == i)
+				{
+				BIO_printf(bio_out,"%08lx\n",
+					X509_NAME_hash_old(
+						X509_CRL_get_issuer(x)));
+				}
+#endif
 			if (lastupdate == i)
 				{
 				BIO_printf(bio_out,"lastUpdate=");
@@ -378,6 +446,9 @@ bad:
 		goto end;
 		}
 
+	if (badsig)
+		x->signature->data[x->signature->length - 1] ^= 0x1;
+
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
 	else if (outformat == FORMAT_PEM)
@@ -390,6 +461,8 @@ bad:
 	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
+	if (ret != 0)
+		ERR_print_errors(bio_err);
 	BIO_free_all(out);
 	BIO_free_all(bio_out);
 	bio_out=NULL;
@@ -401,46 +474,3 @@ end:
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
-
-static X509_CRL *load_crl(char *infile, int format)
-	{
-	X509_CRL *x=NULL;
-	BIO *in=NULL;
-
-	in=BIO_new(BIO_s_file());
-	if (in == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-	if 	(format == FORMAT_ASN1)
-		x=d2i_X509_CRL_bio(in,NULL);
-	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
-	else	{
-		BIO_printf(bio_err,"bad input format specified for input crl\n");
-		goto end;
-		}
-	if (x == NULL)
-		{
-		BIO_printf(bio_err,"unable to load CRL\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	
-end:
-	BIO_free(in);
-	return(x);
-	}
-