X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fcrl.c;h=031fada14c8436b556a08425c854028ed6a91f89;hp=3e30bdc59c12b91c4784251d99b49b97b7cf0092;hb=6ef40f1fc08f0c4ffb08438d63eed83eae7eb2b8;hpb=6ddbb4cd92ad8c9ebf874e5d9920c122696b7477
diff --git a/apps/crl.c b/apps/crl.c
index 3e30bdc59c..031fada14c 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,7 @@
 #include
 #include
 #include "apps.h"
+#include "progs.h"
 #include
 #include
 #include
@@ -26,7 +27,7 @@ typedef enum OPTION_choice {
 OPT_NOOUT, OPT_NAMEOPT, OPT_MD
 } OPTION_CHOICE;
-OPTIONS crl_options[] = {
+const OPTIONS crl_options[] = {
 {"help", OPT_HELP, '-', "Display this summary"},
 {"inform", OPT_INFORM, 'F', "Input format; default PEM"},
 {"in", OPT_IN, '<', "Input file - default stdin"},
@@ -41,7 +42,7 @@ OPTIONS crl_options[] = {
 {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
 {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
 {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
- {"gendelta", OPT_GENDELTA, '<'},
+ {"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"},
 {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
 {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
 {"no-CAfile", OPT_NOCAFILE, '-',
@@ -69,10 +70,8 @@ int crl_main(int argc, char **argv)
 X509_OBJECT *xobj = NULL;
 EVP_PKEY *pkey;
 const EVP_MD *digest = EVP_sha1();
- unsigned long nmflag = 0;
- char nmflag_set = 0;
 char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
- char *CAfile = NULL, *CApath = NULL, *prog;
+ const char *CAfile = NULL, *CApath = NULL, *prog;
 OPTION_CHOICE o;
 int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
 int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
@@ -169,8 +168,7 @@ int crl_main(int argc, char **argv)
 badsig = 1;
 break;
 case OPT_NAMEOPT:
- nmflag_set = 1;
- if (!set_name_ex(&nmflag, opt_arg()))
+ if (!set_nameopt(opt_arg()))
 goto opthelp;
 break;
 case OPT_MD:
@@ -182,9 +180,6 @@ int crl_main(int argc, char **argv)
 if (argc != 0)
 goto opthelp;
- if (!nmflag_set)
- nmflag = XN_FLAG_ONELINE;
-
 x = load_crl(infile, informat);
 if (x == NULL)
 goto end;
@@ -249,11 +244,18 @@ int crl_main(int argc, char **argv)
 }
 }
+ if (badsig) {
+ const ASN1_BIT_STRING *sig;
+
+ X509_CRL_get0_signature(x, &sig, NULL);
+ corrupt_signature(sig);
+ }
+
 if (num) {
 for (i = 1; i <= num; i++) {
 if (issuer == i) {
 print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
- nmflag);
+ get_nameopt());
 }
 if (crlnumber == i) {
 ASN1_INTEGER *crlnum;
@@ -278,13 +280,13 @@ int crl_main(int argc, char **argv)
 #endif
 if (lastupdate == i) {
 BIO_printf(bio_out, "lastUpdate=");
- ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x));
+ ASN1_TIME_print(bio_out, X509_CRL_get0_lastUpdate(x));
 BIO_printf(bio_out, "\n");
 }
 if (nextupdate == i) {
 BIO_printf(bio_out, "nextUpdate=");
- if (X509_CRL_get_nextUpdate(x))
- ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x));
+ if (X509_CRL_get0_nextUpdate(x))
+ ASN1_TIME_print(bio_out, X509_CRL_get0_nextUpdate(x));
 else
 BIO_printf(bio_out, "NONE");
 BIO_printf(bio_out, "\n");
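Review bot: In the hunk at -249, the added `if (badsig)` block declares `sig` as `const ASN1_BIT_STRING *` and passes it to `corrupt_signature()`, which by its name modifies the object; the helper is defined outside this diff, so the const qualifier is presumably cast away there and the call site gives no hint of the write. The block also now sits ahead of the print loop and the `-text` dump rather than just before the CRL is written, so every later output reflects the altered signature. I would add a comment above it such as `/* -badsig (test only): modifies the in-memory signature; all output below sees the corrupted CRL */`. It is worth confirming that `corrupt_signature()` handles a zero-length signature, since the code it replaces indexed `ASN1_STRING_length(sig) - 1` without a check. crl_main starts and ends outside the hunk.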
@@ -312,21 +314,13 @@ int crl_main(int argc, char **argv)
 goto end;
 if (text)
- X509_CRL_print(out, x);
+ X509_CRL_print_ex(out, x, get_nameopt());
 if (noout) {
 ret = 0;
 goto end;
 }
- if (badsig) {
- ASN1_BIT_STRING *sig;
- unsigned char *psig;
- X509_CRL_get0_signature(&sig, NULL, x);
- psig = ASN1_STRING_data(sig);
- psig[ASN1_STRING_length(sig) - 1] ^= 0x1;
- }
-
 if (outformat == FORMAT_ASN1)
 i = (int)i2d_X509_CRL_bio(out, x);
 else
@@ -344,5 +338,5 @@ int crl_main(int argc, char **argv)
 X509_CRL_free(x);
 X509_STORE_CTX_free(ctx);
 X509_STORE_free(store);
- return (ret);
+ return ret;
 }
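Review bot: In the hunk at -312, the result of `X509_CRL_print_ex(out, x, get_nameopt())` under `if (text)` is discarded, so a failed write of the text dump goes unreported and with `-noout` the function still sets `ret = 0`. The replaced `X509_CRL_print` call was unchecked too, but since the line is being rewritten it could become `if (text && !X509_CRL_print_ex(out, x, get_nameopt())) goto end;`, assuming the `end:` label (outside the hunk) reports the error the way the other `goto end` paths expect. crl_main starts and ends outside the hunk.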