to support CRL extensions.
Changes between 0.9.1c and 0.9.2
+ *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+ for some CRL extensions and new objects added.
+ [Steve Henson]
+
*) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
key usage extension and fuller support for authority key id.
[Steve Henson]
#include "bio.h"
#include "err.h"
#include "x509.h"
+#include "x509v3.h"
#include "pem.h"
#undef PROG
BIO *out=NULL;
int informat,outformat;
char *infile=NULL,*outfile=NULL;
- int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
+ int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
char **pp,buf[256];
apps_startup();
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
- else if (strcmp(*argv,"-text") == 0)
- {
- outformat=FORMAT_TEXT;
- }
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-text") == 0)
+ text = 1;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
else if (strcmp(*argv,"-issuer") == 0)
argv++;
}
- if (outformat == FORMAT_TEXT)
- {
- num=0;
- issuer= ++num;
- lastupdate= ++num;
- nextupdate= ++num;
- }
-
if (badops)
{
bad:
}
ERR_load_crypto_strings();
+ X509V3_add_standard_extensions();
x=load_crl(infile,informat);
if (x == NULL) { goto end; }
if (issuer == i)
{
X509_NAME_oneline(x->crl->issuer,buf,256);
- fprintf(stdout,"issuer= %s\n",buf);
+ BIO_printf(bio_out,"issuer= %s\n",buf);
}
if (hash == i)
{
- fprintf(stdout,"%08lx\n",
+ BIO_printf(bio_out,"%08lx\n",
X509_NAME_hash(x->crl->issuer));
}
if (lastupdate == i)
{
- fprintf(stdout,"lastUpdate=");
+ BIO_printf(bio_out,"lastUpdate=");
ASN1_TIME_print(bio_out,x->crl->lastUpdate);
- fprintf(stdout,"\n");
+ BIO_printf(bio_out,"\n");
}
if (nextupdate == i)
{
- fprintf(stdout,"nextUpdate=");
+ BIO_printf(bio_out,"nextUpdate=");
if (x->crl->nextUpdate != NULL)
ASN1_TIME_print(bio_out,x->crl->nextUpdate);
else
- fprintf(stdout,"NONE");
- fprintf(stdout,"\n");
+ BIO_printf(bio_out,"NONE");
+ BIO_printf(bio_out,"\n");
}
}
}
}
}
+ if (text) X509_CRL_print(out, x);
if (outformat == FORMAT_ASN1)
i=(int)i2d_X509_CRL_bio(out,x);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_X509_CRL(out,x);
- else if (outformat == FORMAT_TEXT)
- {
- X509_REVOKED *r;
- STACK *sk;
-
- sk=sk_dup(x->crl->revoked);
- while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)
- {
- fprintf(stdout,"revoked: serialNumber=");
- i2a_ASN1_INTEGER(out,r->serialNumber);
- fprintf(stdout," revocationDate=");
- ASN1_TIME_print(bio_out,r->revocationDate);
- fprintf(stdout,"\n");
- }
- sk_free(sk);
- i=1;
- }
else
{
BIO_printf(bio_err,"bad output format specified for outfile\n");
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
ret=0;
end:
- if (out != NULL) BIO_free(out);
- if (bio_out != NULL) BIO_free(bio_out);
- if (x != NULL) X509_CRL_free(x);
+ BIO_free(out);
+ BIO_free(bio_out);
+ X509_CRL_free(x);
+ X509V3_EXT_cleanup();
EXIT(ret);
}
}
end:
- if (in != NULL) BIO_free(in);
+ BIO_free(in);
return(x);
}
d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
- t_req.c t_x509.c t_pkey.c \
+ t_req.c t_x509.c t_crl.c t_pkey.c \
p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
- t_req.o t_x509.o t_pkey.o \
+ t_req.o t_x509.o t_crl.o t_pkey.o \
p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
--- /dev/null
+/* t_crl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn.h"
+#include "objects.h"
+#include "x509.h"
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static void ext_print(BIO *out, X509_EXTENSION *ex);
+#else
+static void ext_print();
+#endif
+
+#ifndef NO_FP_API
+int X509_CRL_print_fp(fp,x)
+FILE *fp;
+X509_CRL *x;
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=X509_CRL_print(b, x);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+void X509_CRL_print(out, x)
+BIO *out;
+X509_CRL *x;
+{
+ char buf[256];
+ unsigned char *s;
+ STACK *rev;
+ X509_REVOKED *r;
+ long l;
+ int i, j, n;
+
+ BIO_printf(out, "Certificate Revocation List (CRL):\n");
+ l = X509_CRL_get_version(x);
+ BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
+ i = OBJ_obj2nid(x->sig_alg->algorithm);
+ BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+ (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+ X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256);
+ BIO_printf(out,"%8sIssuer: %s\n","",buf);
+ BIO_printf(out,"%8sLast Update: ","");
+ ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
+ BIO_printf(out,"\n%8sNext Update: ","");
+ if (X509_CRL_get_nextUpdate(x))
+ ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
+ else BIO_printf(out,"NONE");
+ BIO_printf(out,"\n");
+
+ n=X509_CRL_get_ext_count(x);
+ if (n > 0) {
+ BIO_printf(out,"%8sCRL extensions:\n","");
+ for (i=0; i<n; i++) ext_print(out, X509_CRL_get_ext(x, i));
+ }
+
+
+ rev = X509_CRL_get_REVOKED(x);
+
+ if(sk_num(rev)) BIO_printf(out, "Revoked Certificates:\n");
+ else BIO_printf(out, "No Revoked Certificates.\n");
+
+ for(i = 0; i < sk_num(rev); i++) {
+ r = (X509_REVOKED *) sk_value(rev, i);
+ BIO_printf(out," Serial Number: ");
+ i2a_ASN1_INTEGER(out,r->serialNumber);
+ BIO_printf(out,"\n Revocation Date: ","");
+ ASN1_TIME_print(out,r->revocationDate);
+ BIO_printf(out,"\n");
+ for(j = 0; j < X509_REVOKED_get_ext_count(r); j++)
+ ext_print(out, X509_REVOKED_get_ext(r, j));
+ }
+
+ i=OBJ_obj2nid(x->sig_alg->algorithm);
+ BIO_printf(out," Signature Algorithm: %s",
+ (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+
+ s = x->signature->data;
+ n = x->signature->length;
+ for (i=0; i<n; i++, s++)
+ {
+ if ((i%18) == 0) BIO_write(out,"\n ",9);
+ BIO_printf(out,"%02x%s",*s, ((i+1) == n)?"":":");
+ }
+ BIO_write(out,"\n",1);
+
+
+}
+
+static void ext_print(out, ex)
+BIO *out;
+X509_EXTENSION *ex;
+{
+ ASN1_OBJECT *obj;
+ int j;
+ BIO_printf(out,"%12s","");
+ obj=X509_EXTENSION_get_object(ex);
+ i2a_ASN1_OBJECT(out,obj);
+ j=X509_EXTENSION_get_critical(ex);
+ BIO_printf(out, ": %s\n%16s", j ? "critical":"","");
+ if(!X509V3_EXT_print(out, ex, 0))
+ ASN1_OCTET_STRING_print(out,ex->value);
+ BIO_write(out,"\n",1);
+}
* perl obj_dat.pl < objects.h > obj_dat.h
*/
-#define NUM_NID 140
-#define NUM_SN 111
-#define NUM_LN 136
-#define NUM_OBJ 112
+#define NUM_NID 143
+#define NUM_SN 114
+#define NUM_LN 139
+#define NUM_OBJ 115
-static unsigned char lvalues[726]={
+static unsigned char lvalues[735]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [696] OBJ_ms_sgc */
0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [706] OBJ_ms_efs */
0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [716] OBJ_ns_sgc */
+0x55,0x1D,0x1B, /* [725] OBJ_delta_crl */
+0x55,0x1D,0x15, /* [728] OBJ_crl_reason */
+0x55,0x1D,0x18, /* [731] OBJ_invalidity_date */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
&(lvalues[706]),0},
{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[716]),0},
+{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
+ &(lvalues[725]),0},
+{"CRLReason","CRL Reason Code",NID_crl_reason,3,&(lvalues[728]),0},
+{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
+ &(lvalues[731]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[109]),/* "CAST5-ECB" */
&(nid_objs[111]),/* "CAST5-OFB" */
&(nid_objs[13]),/* "CN" */
+&(nid_objs[141]),/* "CRLReason" */
&(nid_objs[107]),/* "D" */
&(nid_objs[31]),/* "DES-CBC" */
&(nid_objs[30]),/* "DES-CFB" */
&(nid_objs[131]),/* "codeSigning" */
&(nid_objs[103]),/* "crlDistributionPoints" */
&(nid_objs[88]),/* "crlNumber" */
+&(nid_objs[140]),/* "deltaCRL" */
&(nid_objs[132]),/* "emailProtection" */
&(nid_objs[126]),/* "extendedKeyUsage" */
&(nid_objs[128]),/* "id-kp" */
+&(nid_objs[142]),/* "invalidityDate" */
&(nid_objs[86]),/* "issuerAltName" */
&(nid_objs[83]),/* "keyUsage" */
&(nid_objs[81]),/* "ld-ce" */
};
static ASN1_OBJECT *ln_objs[NUM_LN]={
+&(nid_objs[141]),/* "CRL Reason Code" */
&(nid_objs[131]),/* "Code Signing" */
&(nid_objs[132]),/* "E-mail Protection" */
+&(nid_objs[142]),/* "Invalidity Date" */
&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
&(nid_objs[138]),/* "Microsoft Encrypted File System" */
&(nid_objs[134]),/* "Microsoft Individual Code Signing" */
&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
&(nid_objs[88]),/* "X509v3 CRL Number" */
&(nid_objs[89]),/* "X509v3 Certificate Policies" */
+&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
&(nid_objs[83]),/* "X509v3 Key Usage" */
&(nid_objs[86]),/* OBJ_issuer_alt_name 2 5 29 18 */
&(nid_objs[87]),/* OBJ_basic_constraints 2 5 29 19 */
&(nid_objs[88]),/* OBJ_crl_number 2 5 29 20 */
+&(nid_objs[141]),/* OBJ_crl_reason 2 5 29 21 */
+&(nid_objs[142]),/* OBJ_invalidity_date 2 5 29 24 */
+&(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */
&(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */
&(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */
&(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */
&(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */
&(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */
&(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */
-&(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666.2 */
&(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666.1 */
+&(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666.2 */
&(nid_objs[104]),/* OBJ_md5WithRSA 1 3 14 3 2 3 */
&(nid_objs[29]),/* OBJ_des_ecb 1 3 14 3 2 6 */
&(nid_objs[31]),/* OBJ_des_cbc 1 3 14 3 2 7 */
#define NID_ns_sgc 139
#define OBJ_ns_sgc OBJ_netscape,4L,1L
+#define SN_delta_crl "deltaCRL"
+#define LN_delta_crl "X509v3 Delta CRL Indicator"
+#define NID_delta_crl 140
+#define OBJ_delta_crl OBJ_ld_ce,27L
+
+#define SN_crl_reason "CRLReason"
+#define LN_crl_reason "CRL Reason Code"
+#define NID_crl_reason 141
+#define OBJ_crl_reason OBJ_ld_ce,21L
+
+#define SN_invalidity_date "invalidityDate"
+#define LN_invalidity_date "Invalidity Date"
+#define NID_invalidity_date 142
+#define OBJ_invalidity_date OBJ_ld_ce,24L
+
#include "bio.h"
#include "asn1.h"
+
/* crypto/x509/x509.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
+#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
+#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
+#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
+#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
+#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+
/* This one is only used so that a binary form can output, as in
* i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
int X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
#ifndef NO_FP_API
int X509_print_fp(FILE *bp,X509 *x);
+int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
#endif
#ifdef HEADER_BIO_H
int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
int X509_print(BIO *bp,X509 *x);
+int X509_CRL_print(BIO *bp,X509_CRL *x);
int X509_REQ_print(BIO *bp,X509_REQ *req);
#endif
int X509_CRL_cmp();
#ifndef NO_FP_API
int X509_print_fp();
+int X509_CRL_print_fp();
int X509_REQ_print_fp();
#endif
int X509_NAME_print();
int X509_print();
+int X509_CRL_print();
int X509_REQ_print();
int X509_NAME_entry_count();
LIB=$(TOP)/libcrypto.a
LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c
+v3_pku.c v3_int.c
LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
-v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+v3_int.o
SRC= $(LIBSRC)
-/* v3_bitstr.c */
+/* v3_bitst.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
--- /dev/null
+/* v3_int.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <err.h>
+#include "x509v3.h"
+
+static ASN1_INTEGER *asn1_integer_new();
+
+X509V3_EXT_METHOD v3_crl_num = {
+NID_crl_number, 0,
+(X509V3_EXT_NEW)asn1_integer_new, ASN1_STRING_free,
+(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
+i2d_ASN1_INTEGER,
+(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+(X509V3_EXT_S2I)NULL,
+NULL, NULL, NULL, NULL};
+
+
+static ASN1_INTEGER *asn1_integer_new()
+{
+ return ASN1_INTEGER_new();
+}
extern X509V3_EXT_METHOD v3_pkey_usage_period;
extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
+extern X509V3_EXT_METHOD v3_crl_num;
+
int X509V3_add_standard_extensions()
{
X509V3_EXT_add_list(v3_ns_ia5_list);
X509V3_EXT_add(&v3_skey_id);
X509V3_EXT_add(&v3_akey_id);
X509V3_EXT_add(&v3_pkey_usage_period);
+ X509V3_EXT_add(&v3_crl_num);
return 1;
}
-/* v3_akey.c */
+/* v3_pku.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
return 1;
}
+char *i2s_ASN1_INTEGER(method, a)
+X509V3_EXT_METHOD *method;
+ASN1_INTEGER *a;
+{
+ BIGNUM *bntmp = NULL;
+ char *strtmp = NULL;
+ if(!a) return NULL;
+ if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
+ !(strtmp = BN_bn2dec(bntmp)) )
+ X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+ BN_free(bntmp);
+ return strtmp;
+}
+
int X509V3_add_value_int(name, aint, extlist)
char *name;
ASN1_INTEGER *aint;
STACK **extlist;
{
- BIGNUM *bntmp;
char *strtmp;
int ret;
if(!aint) return 1;
- bntmp = ASN1_INTEGER_to_BN(aint, NULL);
- strtmp = BN_bn2dec(bntmp);
+ if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
ret = X509V3_add_value(name, strtmp, extlist);
- BN_free(bntmp);
Free(strtmp);
return ret;
}
static ERR_STRING_DATA X509V3_str_functs[]=
{
{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "I2S_ASN1_INTEGER"},
{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"},
/* Function codes. */
#define X509V3_F_HEX_TO_STRING 111
+#define X509V3_F_I2S_ASN1_INTEGER 120
#define X509V3_F_S2I_ASN1_IA5STRING 100
#define X509V3_F_S2I_ASN1_OCTET_STRING 112
#define X509V3_F_S2I_ASN1_SKEY_ID 114
int X509V3_add_value(char *name, char *value, STACK **extlist);
int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist);
int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist);
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
int X509V3_EXT_add_alias(int nid_to, int nid_from);
void X509V3_EXT_cleanup(void);
int X509V3_add_value();
int X509V3_add_value_bool();
int X509V3_add_value_int();
+char *i2s_ASN1_INTEGER();
int X509V3_EXT_add();
int X509V3_EXT_add_alias();
void X509V3_EXT_cleanup();
/* Function codes. */
#define X509V3_F_HEX_TO_STRING 111
+#define X509V3_F_I2S_ASN1_INTEGER 120
#define X509V3_F_S2I_ASN1_IA5STRING 100
#define X509V3_F_S2I_ASN1_OCTET_STRING 112
#define X509V3_F_S2I_ASN1_SKEY_ID 114
projects / openssl.git / commitdiff