Implement BUF_strnlen() and use it instead of strlen().

[openssl.git] / apps / crl.c

diff --git a/apps/crl.c b/apps/crl.c
index 8ee88af46cf14dcb71f722ff5e6e7e10dbdf87bf..f1c49f3d641787d6c33912188862bab42424d617 100644 (file)
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -81,6 +81,9 @@ static const char *crl_usage[]={
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -hash           - print hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -hash_old       - print old-style (MD5) hash value\n",
+#endif
 " -fingerprint    - print the crl fingerprint\n",
 " -issuer         - print issuer DN\n",
 " -lastupdate     - lastUpdate field\n",
@@ -104,9 +107,12 @@ int MAIN(int argc, char **argv)
        char *CAfile = NULL, *CApath = NULL;
        int ret=1,i,num,badops=0,badsig=0;
        BIO *out=NULL;
-       int informat,outformat;
-       char *infile=NULL,*outfile=NULL;
+       int informat,outformat, keyformat;
+       char *infile=NULL,*outfile=NULL, *crldiff = NULL, *keyfile = NULL;
        int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+#ifndef OPENSSL_NO_MD5
+       int hash_old=0;
+#endif
        int fingerprint = 0, crlnumber = 0;
        const char **pp;
        X509_STORE *store = NULL;
@@ -140,6 +146,7 @@ int MAIN(int argc, char **argv)
 
        informat=FORMAT_PEM;
        outformat=FORMAT_PEM;
+       keyformat=FORMAT_PEM;
 
        argc--;
        argv++;
@@ -168,6 +175,21 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        infile= *(++argv);
                        }
+               else if (strcmp(*argv,"-gendelta") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       crldiff= *(++argv);
+                       }
+               else if (strcmp(*argv,"-key") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       keyfile= *(++argv);
+                       }
+               else if (strcmp(*argv,"-keyform") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       keyformat=str2fmt(*(++argv));
+                       }
                else if (strcmp(*argv,"-out") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -191,6 +213,10 @@ int MAIN(int argc, char **argv)
                        text = 1;
                else if (strcmp(*argv,"-hash") == 0)
                        hash= ++num;
+#ifndef OPENSSL_NO_MD5
+               else if (strcmp(*argv,"-hash_old") == 0)
+                       hash_old= ++num;
+#endif
                else if (strcmp(*argv,"-nameopt") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -277,6 +303,39 @@ bad:
                else BIO_printf(bio_err, "verify OK\n");
        }
 
+       if (crldiff)
+               {
+               X509_CRL *newcrl, *delta;
+               if (!keyfile)
+                       {
+                       BIO_puts(bio_err, "Missing CRL signing key\n");
+                       goto end;
+                       }
+               newcrl = load_crl(crldiff,informat);
+               if (!newcrl)
+                       goto end;
+               pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL,
+                                       "CRL signing key");
+               if (!pkey)
+                       {
+                       X509_CRL_free(newcrl);
+                       goto end;
+                       }       
+               delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
+               X509_CRL_free(newcrl);
+               EVP_PKEY_free(pkey);
+               if (delta)
+                       {
+                       X509_CRL_free(x);
+                       x = delta;
+                       }
+               else
+                       {
+                       BIO_puts(bio_err, "Error creating delta CRL\n");
+                       goto end;
+                       }
+               }
+
        if (num)
                {
                for (i=1; i<=num; i++)
@@ -305,6 +364,14 @@ bad:
                                BIO_printf(bio_out,"%08lx\n",
                                        X509_NAME_hash(X509_CRL_get_issuer(x)));
                                }
+#ifndef OPENSSL_NO_MD5
+                       if (hash_old == i)
+                               {
+                               BIO_printf(bio_out,"%08lx\n",
+                                       X509_NAME_hash_old(
+                                               X509_CRL_get_issuer(x)));
+                               }
+#endif
                        if (lastupdate == i)
                                {
                                BIO_printf(bio_out,"lastUpdate=");
@@ -394,6 +461,8 @@ bad:
        if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
        ret=0;
 end:
+       if (ret != 0)
+               ERR_print_errors(bio_err);
        BIO_free_all(out);
        BIO_free_all(bio_out);
        bio_out=NULL;