X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=crypto%2Fasn1%2Ft_x509.c;h=36cef4605db72e938c6ca5673339c40feec1cfc4;hb=6a50d0a422a7491c98df37772e37fede2135770d;hp=8ff0a85166ccd5025cefb7539fa2da27f802119d;hpb=eda1f21f1af8b6f77327e7b37573af9c1ba73726;p=openssl.git diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 8ff0a85166..36cef4605d 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -1,5 +1,5 @@ /* crypto/asn1/t_x509.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -58,21 +58,28 @@ #include #include "cryptlib.h" -#include "buffer.h" -#include "bn.h" -#ifndef NO_RSA -#include "rsa.h" +#include +#include +#ifndef OPENSSL_NO_RSA +#include #endif -#ifndef NO_DSA -#include "dsa.h" +#ifndef OPENSSL_NO_DSA +#include #endif -#include "objects.h" -#include "x509.h" +#ifndef OPENSSL_NO_EC +#include +#endif +#include +#include +#include -#ifndef WIN16 -int X509_print_fp(fp,x) -FILE *fp; -X509 *x; +#ifndef OPENSSL_NO_FP_API +int X509_print_fp(FILE *fp, X509 *x) + { + return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); + } + +int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag) { BIO *b; int ret; @@ -83,179 +90,246 @@ X509 *x; return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=X509_print(b, x); + ret=X509_print_ex(b, x, nmflag, cflag); BIO_free(b); return(ret); } #endif -int X509_print(bp,x) -BIO *bp; -X509 *x; +int X509_print(BIO *bp, X509 *x) +{ + return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +} + +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) { long l; - int ret=0,i,j,n; - char *m=NULL,*s; + int ret=0,i; + char *m=NULL,mlch = ' '; + int nmindent = 0; X509_CINF *ci; ASN1_INTEGER *bs; EVP_PKEY *pkey=NULL; - char *neg; - X509_EXTENSION *ex; + const char *neg; ASN1_STRING *str=NULL; + if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { + mlch = '\n'; + nmindent = 12; + } + + if(nmflags == X509_FLAG_COMPAT) + nmindent = 16; + ci=x->cert_info; - if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; - if (BIO_write(bp," Data:\n",10) <= 0) goto err; - l=X509_get_version(x); - if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; - if (BIO_write(bp," Serial Number:",22) <= 0) goto err; - - bs=X509_get_serialNumber(x); - if (bs->length <= 4) + if(!(cflag & X509_FLAG_NO_HEADER)) { - l=ASN1_INTEGER_get(bs); - if (l < 0) - { - l= -l; - neg="-"; - } - else - neg=""; - if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) - goto err; + if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; + if (BIO_write(bp," Data:\n",10) <= 0) goto err; } - else + if(!(cflag & X509_FLAG_NO_VERSION)) { - neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; - if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; + l=X509_get_version(x); + if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; + } + if(!(cflag & X509_FLAG_NO_SERIAL)) + { + + if (BIO_write(bp," Serial Number:",22) <= 0) goto err; - for (i=0; ilength; i++) + bs=X509_get_serialNumber(x); + if (bs->length <= 4) { - if (BIO_printf(bp,"%02x%c",bs->data[i], - ((i+1 == bs->length)?'\n':':')) <= 0) + l=ASN1_INTEGER_get(bs); + if (l < 0) + { + l= -l; + neg="-"; + } + else + neg=""; + if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) goto err; } - } + else + { + neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; + if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; - i=OBJ_obj2nid(ci->signature->algorithm); - if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) - goto err; + for (i=0; ilength; i++) + { + if (BIO_printf(bp,"%02x%c",bs->data[i], + ((i+1 == bs->length)?'\n':':')) <= 0) + goto err; + } + } - if (BIO_write(bp," Issuer: ",16) <= 0) goto err; - if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err; - if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err; - if (BIO_write(bp," Not Before: ",24) <= 0) goto err; - if (!ASN1_UTCTIME_print(bp,X509_get_notBefore(x))) goto err; - if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; - if (!ASN1_UTCTIME_print(bp,X509_get_notAfter(x))) goto err; - if (BIO_write(bp,"\n Subject: ",18) <= 0) goto err; - if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err; - if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0) - goto err; - i=OBJ_obj2nid(ci->key->algor->algorithm); - if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; + } - pkey=X509_get_pubkey(x); -#ifndef NO_RSA - if (pkey->type == EVP_PKEY_RSA) + if(!(cflag & X509_FLAG_NO_SIGNAME)) { - BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", - BN_num_bits(pkey->pkey.rsa->n)); - RSA_print(bp,pkey->pkey.rsa,16); + if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) + goto err; + if (BIO_puts(bp, "\n") <= 0) + goto err; } - else -#endif -#ifndef NO_DSA - if (pkey->type == EVP_PKEY_DSA) + + if(!(cflag & X509_FLAG_NO_ISSUER)) { - BIO_printf(bp,"%12sDSA Public Key:\n",""); - DSA_print(bp,pkey->pkey.dsa,16); + if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err; + if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err; + if (BIO_write(bp,"\n",1) <= 0) goto err; } - else -#endif - BIO_printf(bp,"%12sDSA Public Key:\n",""); - - n=X509_get_ext_count(x); - if (n > 0) + if(!(cflag & X509_FLAG_NO_VALIDITY)) { - BIO_printf(bp,"%8sX509v3 extensions:\n",""); - for (i=0; ikey->algor->algorithm) <= 0) + goto err; + if (BIO_puts(bp, "\n") <= 0) + goto err; - pack_type=X509v3_pack_type_by_OBJ(obj); - data_type=X509v3_data_type_by_OBJ(obj); - - if (pack_type == X509_EXT_PACK_STRING) - { - if (X509v3_unpack_string( - &str,data_type, - X509_EXTENSION_get_data(ex)) == NULL) - { - /* hmm... */ - goto err; - } - if ( (data_type == V_ASN1_IA5STRING) || - (data_type == V_ASN1_PRINTABLESTRING) || - (data_type == V_ASN1_T61STRING)) - { - if (BIO_write(bp,(char *)str->data, - str->length) <= 0) - goto err; - } - else if (data_type == V_ASN1_BIT_STRING) - { - BIO_printf(bp,"0x"); - for (j=0; jlength; j++) - { - BIO_printf(bp,"%02X", - str->data[j]); - } - } - } - else - { - ASN1_OCTET_STRING_print(bp,ex->value); - } - if (BIO_write(bp,"\n",1) <= 0) goto err; + pkey=X509_get_pubkey(x); + if (pkey == NULL) + { + BIO_printf(bp,"%12sUnable to load Public Key\n",""); + ERR_print_errors(bp); } + else +#ifndef OPENSSL_NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { + BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", + BN_num_bits(pkey->pkey.rsa->n)); + RSA_print(bp,pkey->pkey.rsa,16); + } + else +#endif +#ifndef OPENSSL_NO_DSA + if (pkey->type == EVP_PKEY_DSA) + { + BIO_printf(bp,"%12sDSA Public Key:\n",""); + DSA_print(bp,pkey->pkey.dsa,16); + } + else +#endif +#ifndef OPENSSL_NO_EC + if (pkey->type == EVP_PKEY_EC) + { + BIO_printf(bp, "%12sEC Public Key:\n",""); + EC_KEY_print(bp, pkey->pkey.eckey, 16); + } + else +#endif + BIO_printf(bp,"%12sUnknown Public Key:\n",""); + + EVP_PKEY_free(pkey); } - i=OBJ_obj2nid(x->sig_alg->algorithm); - if (BIO_printf(bp,"%4sSignature Algorithm: %s","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; + if (!(cflag & X509_FLAG_NO_EXTENSIONS)) + X509V3_extensions_print(bp, "X509v3 extensions", + ci->extensions, cflag, 8); - n=x->signature->length; - s=(char *)x->signature->data; - for (i=0; isig_alg, x->signature) <= 0) goto err; + } + if(!(cflag & X509_FLAG_NO_AUX)) + { + if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err; } - if (BIO_write(bp,"\n",1) != 1) goto err; ret=1; err: if (str != NULL) ASN1_STRING_free(str); - if (m != NULL) Free((char *)m); + if (m != NULL) OPENSSL_free(m); return(ret); } -int ASN1_STRING_print(bp,v) -BIO *bp; -ASN1_STRING *v; +int X509_ocspid_print (BIO *bp, X509 *x) + { + unsigned char *der=NULL ; + unsigned char *dertmp; + int derlen; + int i; + unsigned char SHA1md[SHA_DIGEST_LENGTH]; + + /* display the hash of the subject as it would appear + in OCSP requests */ + if (BIO_printf(bp," Subject OCSP hash: ") <= 0) + goto err; + derlen = i2d_X509_NAME(x->cert_info->subject, NULL); + if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL) + goto err; + i2d_X509_NAME(x->cert_info->subject, &dertmp); + + EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL); + for (i=0; i < SHA_DIGEST_LENGTH; i++) + { + if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err; + } + OPENSSL_free (der); + der=NULL; + + /* display the hash of the public key as it would appear + in OCSP requests */ + if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0) + goto err; + + EVP_Digest(x->cert_info->key->public_key->data, + x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL); + for (i=0; i < SHA_DIGEST_LENGTH; i++) + { + if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) + goto err; + } + BIO_printf(bp,"\n"); + + return (1); +err: + if (der != NULL) OPENSSL_free(der); + return(0); + } + +int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) +{ + unsigned char *s; + int i, n; + if (BIO_puts(bp," Signature Algorithm: ") <= 0) return 0; + if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0; + + n=sig->length; + s=sig->data; + for (i=0; itype == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm); + if(tm->type == V_ASN1_GENERALIZEDTIME) + return ASN1_GENERALIZEDTIME_print(bp, tm); + BIO_write(bp,"Bad time value",14); + return(0); +} + +static const char *mon[12]= + { + "Jan","Feb","Mar","Apr","May","Jun", + "Jul","Aug","Sep","Oct","Nov","Dec" + }; + +int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) + { + char *v; + int gmt=0; + int i; + int y=0,M=0,d=0,h=0,m=0,s=0; + + i=tm->length; + v=(char *)tm->data; + + if (i < 12) goto err; + if (v[i-1] == 'Z') gmt=1; + for (i=0; i<12; i++) + if ((v[i] > '9') || (v[i] < '0')) goto err; + y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0'); + M= (v[4]-'0')*10+(v[5]-'0'); + if ((M > 12) || (M < 1)) goto err; + d= (v[6]-'0')*10+(v[7]-'0'); + h= (v[8]-'0')*10+(v[9]-'0'); + m= (v[10]-'0')*10+(v[11]-'0'); + if ( (v[12] >= '0') && (v[12] <= '9') && + (v[13] >= '0') && (v[13] <= '9')) + s= (v[12]-'0')*10+(v[13]-'0'); + + if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", + mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0) + return(0); + else + return(1); +err: + BIO_write(bp,"Bad time value",14); + return(0); + } + +int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm) { char *v; int gmt=0; - static char *mon[12]={ - "Jan","Feb","Mar","Apr","May","Jun", - "Jul","Aug","Sep","Oct","Nov","Dec"}; int i; int y=0,M=0,d=0,h=0,m=0,s=0; @@ -304,7 +422,7 @@ ASN1_UTCTIME *tm; for (i=0; i<10; i++) if ((v[i] > '9') || (v[i] < '0')) goto err; y= (v[0]-'0')*10+(v[1]-'0'); - if (y < 70) y+=100; + if (y < 50) y+=100; M= (v[2]-'0')*10+(v[3]-'0'); if ((M > 12) || (M < 1)) goto err; d= (v[4]-'0')*10+(v[5]-'0'); @@ -324,24 +442,26 @@ err: return(0); } -int X509_NAME_print(bp,name,obase) -BIO *bp; -X509_NAME *name; -int obase; +int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) { - char *s,*c; + char *s,*c,*b; int ret=0,l,ll,i,first=1; - char buf[256]; ll=80-2-obase; - s=X509_NAME_oneline(name,buf,256); + b=s=X509_NAME_oneline(name,NULL,0); + if (!*s) + { + OPENSSL_free(b); + return 1; + } s++; /* skip the first slash */ l=ll; c=s; for (;;) { +#ifndef CHARSET_EBCDIC if ( ((*s == '/') && ((s[1] >= 'A') && (s[1] <= 'Z') && ( (s[2] == '=') || @@ -349,6 +469,15 @@ int obase; (s[3] == '=')) ))) || (*s == '\0')) +#else + if ( ((*s == '/') && + (isupper(s[1]) && ( + (s[2] == '=') || + (isupper(s[2]) && + (s[3] == '=')) + ))) || + (*s == '\0')) +#endif { if ((l <= 0) && !first) { @@ -381,6 +510,7 @@ int obase; err: X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB); } + OPENSSL_free(b); return(ret); }