BN_GF2m_mod_inv(): check bn_wexpand return value

[openssl.git] / apps / crl.c

diff --git a/apps/crl.c b/apps/crl.c
index c897335fb7d3d1da1c608a37531924fb67c0594c..b2a5d7f54db30c49d49ebbb71a030b582baa2491 100644 (file)
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -70,8 +70,8 @@ typedef enum OPTION_choice {
     OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
     OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
     OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE,
-    OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD, OPT_NOOUT,
-    OPT_NAMEOPT, OPT_MD
+    OPT_NOCAPATH, OPT_NOCAFILE, OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD,
+    OPT_NOOUT, OPT_NAMEOPT, OPT_MD
 } OPTION_CHOICE;
 
 OPTIONS crl_options[] = {
@@ -92,6 +92,10 @@ OPTIONS crl_options[] = {
     {"gendelta", OPT_GENDELTA, '<'},
     {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
     {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
     {"verify", OPT_VERIFY, '-'},
     {"text", OPT_TEXT, '-', "Print out a text format version"},
     {"hash", OPT_HASH, '-', "Print hash value"},
@@ -114,13 +118,14 @@ int crl_main(int argc, char **argv)
     EVP_PKEY *pkey;
     const EVP_MD *digest = EVP_sha1();
     unsigned long nmflag = 0;
+    char nmflag_set = 0;
     char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
     char *CAfile = NULL, *CApath = NULL, *prog;
     OPTION_CHOICE o;
     int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
     int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
-    int text = 0, do_ver = 0;
+    int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0;
     int i;
 #ifndef OPENSSL_NO_MD5
     int hash_old = 0;
@@ -170,6 +175,12 @@ int crl_main(int argc, char **argv)
             CAfile = opt_arg();
             do_ver = 1;
             break;
+        case OPT_NOCAPATH:
+            noCApath =  1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile =  1;
+            break;
         case OPT_HASH_OLD:
 #ifndef OPENSSL_NO_MD5
             hash_old = ++num;
@@ -206,6 +217,7 @@ int crl_main(int argc, char **argv)
             badsig = 1;
             break;
         case OPT_NAMEOPT:
+            nmflag_set = 1;
             if (!set_name_ex(&nmflag, opt_arg()))
                 goto opthelp;
             break;
@@ -217,15 +229,15 @@ int crl_main(int argc, char **argv)
     argc = opt_num_rest();
     argv = opt_rest();
 
-    if (!app_load_modules(NULL))
-        goto end;
+    if (!nmflag_set)
+        nmflag = XN_FLAG_ONELINE;
 
     x = load_crl(infile, informat);
     if (x == NULL)
         goto end;
 
     if (do_ver) {
-        if ((store = setup_verify(CAfile, CApath)) == NULL)
+        if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
             goto end;
         lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
         if (lookup == NULL)
@@ -341,7 +353,7 @@ int crl_main(int argc, char **argv)
             }
         }
     }
-    out = bio_open_default(outfile, "w");
+    out = bio_open_default(outfile, 'w', outformat);
     if (out == NULL)
         goto end;
 
@@ -353,8 +365,13 @@ int crl_main(int argc, char **argv)
         goto end;
     }
 
-    if (badsig)
-        x->signature->data[x->signature->length - 1] ^= 0x1;
+    if (badsig) {
+        ASN1_BIT_STRING *sig;
+        unsigned char *psig;
+        X509_CRL_get0_signature(&sig, NULL, x);
+        psig = ASN1_STRING_data(sig);
+        psig[ASN1_STRING_length(sig) - 1] ^= 0x1;
+    }
 
     if (outformat == FORMAT_ASN1)
         i = (int)i2d_X509_CRL_bio(out, x);