X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fasn1%2Ft_x509.c;h=823c20860ce96280a2f590a9141e24494f9d5660;hp=12e170488f6b16bb8da5964a05055e3d58cf5666;hb=eb64730b9cb6fe9cb5bfa4b0b54bf8c9193ced2b;hpb=785cdf20482063a6b59c44825e33c1dee60217d2 diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 12e170488f..823c20860c 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -58,22 +58,25 @@ #include #include "cryptlib.h" -#include "buffer.h" -#include "bn.h" +#include +#include #ifndef NO_RSA -#include "rsa.h" +#include #endif #ifndef NO_DSA -#include "dsa.h" +#include #endif -#include "objects.h" -#include "x509.h" -#include "x509v3.h" +#include +#include +#include #ifndef NO_FP_API -int X509_print_fp(fp,x) -FILE *fp; -X509 *x; +int X509_print_fp(FILE *fp, X509 *x) + { + return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); + } + +int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag) { BIO *b; int ret; @@ -84,118 +87,157 @@ X509 *x; return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=X509_print(b, x); + ret=X509_print_ex(b, x, nmflag, cflag); BIO_free(b); return(ret); } #endif -int X509_print(bp,x) -BIO *bp; -X509 *x; +int X509_print(BIO *bp, X509 *x) +{ + return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +} + +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) { long l; int ret=0,i,j,n; - char *m=NULL,*s; + char *m=NULL,*s, mlch = ' '; + int nmindent = 0; X509_CINF *ci; ASN1_INTEGER *bs; EVP_PKEY *pkey=NULL; - char *neg; + const char *neg; X509_EXTENSION *ex; ASN1_STRING *str=NULL; + if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { + mlch = '\n'; + nmindent = 16; + } + + if(nmflags == X509_FLAG_COMPAT) + nmindent = 16; + ci=x->cert_info; - if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; - if (BIO_write(bp," Data:\n",10) <= 0) goto err; - l=X509_get_version(x); - if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; - if (BIO_write(bp," Serial Number:",22) <= 0) goto err; - - bs=X509_get_serialNumber(x); - if (bs->length <= 4) + if(!(cflag & X509_FLAG_NO_HEADER)) { - l=ASN1_INTEGER_get(bs); - if (l < 0) - { - l= -l; - neg="-"; - } - else - neg=""; - if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) - goto err; + if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; + if (BIO_write(bp," Data:\n",10) <= 0) goto err; } - else + if(!(cflag & X509_FLAG_NO_VERSION)) { - neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; - if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; + l=X509_get_version(x); + if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; + } + if(!(cflag & X509_FLAG_NO_SERIAL)) + { + + if (BIO_write(bp," Serial Number:",22) <= 0) goto err; - for (i=0; ilength; i++) + bs=X509_get_serialNumber(x); + if (bs->length <= 4) { - if (BIO_printf(bp,"%02x%c",bs->data[i], - ((i+1 == bs->length)?'\n':':')) <= 0) + l=ASN1_INTEGER_get(bs); + if (l < 0) + { + l= -l; + neg="-"; + } + else + neg=""; + if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) goto err; } - } + else + { + neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; + if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; - i=OBJ_obj2nid(ci->signature->algorithm); - if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) - goto err; + for (i=0; ilength; i++) + { + if (BIO_printf(bp,"%02x%c",bs->data[i], + ((i+1 == bs->length)?'\n':':')) <= 0) + goto err; + } + } - if (BIO_write(bp," Issuer: ",16) <= 0) goto err; - if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err; - if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err; - if (BIO_write(bp," Not Before: ",24) <= 0) goto err; - if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; - if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; - if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; - if (BIO_write(bp,"\n Subject: ",18) <= 0) goto err; - if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err; - if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0) - goto err; - i=OBJ_obj2nid(ci->key->algor->algorithm); - if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; + } - pkey=X509_get_pubkey(x); - if (pkey == NULL) + if(!(cflag & X509_FLAG_NO_SIGNAME)) { - BIO_printf(bp,"%12sUnable to load Public Key\n",""); + i=OBJ_obj2nid(ci->signature->algorithm); + if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) + goto err; } - else -#ifndef NO_RSA - if (pkey->type == EVP_PKEY_RSA) + + if(!(cflag & X509_FLAG_NO_ISSUER)) { - BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", - BN_num_bits(pkey->pkey.rsa->n)); - RSA_print(bp,pkey->pkey.rsa,16); + if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err; + if (!X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags)) goto err; } - else -#endif -#ifndef NO_DSA - if (pkey->type == EVP_PKEY_DSA) + if(!(cflag & X509_FLAG_NO_VALIDITY)) { - BIO_printf(bp,"%12sDSA Public Key:\n",""); - DSA_print(bp,pkey->pkey.dsa,16); + if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err; + if (BIO_write(bp," Not Before: ",24) <= 0) goto err; + if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; + if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; + if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; + if (BIO_write(bp,"\n",1) <= 0) goto err; } - else + if(!(cflag & X509_FLAG_NO_SUBJECT)) + { + if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; + if (!X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags)) goto err; + } + if(!(cflag & X509_FLAG_NO_PUBKEY)) + { + if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0) + goto err; + i=OBJ_obj2nid(ci->key->algor->algorithm); + if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; + + pkey=X509_get_pubkey(x); + if (pkey == NULL) + { + BIO_printf(bp,"%12sUnable to load Public Key\n",""); + ERR_print_errors(bp); + } + else +#ifndef NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { + BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", + BN_num_bits(pkey->pkey.rsa->n)); + RSA_print(bp,pkey->pkey.rsa,16); + } + else #endif - BIO_printf(bp,"%12sUnknown Public Key:\n",""); +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + { + BIO_printf(bp,"%12sDSA Public Key:\n",""); + DSA_print(bp,pkey->pkey.dsa,16); + } + else +#endif + BIO_printf(bp,"%12sUnknown Public Key:\n",""); - EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey); + } - n=X509_get_ext_count(x); + if (cflag & X509_FLAG_NO_EXTENSIONS) + n = 0; + else + n=X509_get_ext_count(x); if (n > 0) { BIO_printf(bp,"%8sX509v3 extensions:\n",""); for (i=0; ivalue); + M_ASN1_OCTET_STRING_print(bp,ex->value); } if (BIO_write(bp,"\n",1) <= 0) goto err; } } - i=OBJ_obj2nid(x->sig_alg->algorithm); - if (BIO_printf(bp,"%4sSignature Algorithm: %s","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; + if(!(cflag & X509_FLAG_NO_SIGDUMP)) + { + i=OBJ_obj2nid(x->sig_alg->algorithm); + if (BIO_printf(bp,"%4sSignature Algorithm: %s","", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; - n=x->signature->length; - s=(char *)x->signature->data; - for (i=0; isignature->length; + s=(char *)x->signature->data; + for (i=0; iaux, 0)) goto err; } - if (BIO_write(bp,"\n",1) != 1) goto err; ret=1; err: if (str != NULL) ASN1_STRING_free(str); - if (m != NULL) Free((char *)m); + if (m != NULL) OPENSSL_free(m); return(ret); } -int ASN1_STRING_print(bp,v) -BIO *bp; -ASN1_STRING *v; +int X509_ocspid_print (BIO *bp, X509 *x) + { + unsigned char *der=NULL ; + unsigned char *dertmp; + int derlen; + int i; + SHA_CTX SHA1buf ; + unsigned char SHA1md[SHA_DIGEST_LENGTH]; + + /* display the hash of the subject as it would appear + in OCSP requests */ + if (BIO_printf(bp," Subject OCSP hash: ") <= 0) + goto err; + derlen = i2d_X509_NAME(x->cert_info->subject, NULL); + if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL) + goto err; + i2d_X509_NAME(x->cert_info->subject, &dertmp); + + SHA1_Init(&SHA1buf); + SHA1_Update(&SHA1buf, der, derlen); + SHA1_Final(SHA1md,&SHA1buf); + for (i=0; i < SHA_DIGEST_LENGTH; i++) + { + if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err; + } + OPENSSL_free (der); + der=NULL; + + /* display the hash of the public key as it would appear + in OCSP requests */ + if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0) + goto err; + + SHA1_Init(&SHA1buf); + SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data, + x->cert_info->key->public_key->length); + SHA1_Final(SHA1md,&SHA1buf); + for (i=0; i < SHA_DIGEST_LENGTH; i++) + { + if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) + goto err; + } + BIO_printf(bp,"\n"); + + return (1); +err: + if (der != NULL) OPENSSL_free(der); + return(0); + } + +int ASN1_STRING_print(BIO *bp, ASN1_STRING *v) { int i,n; char buf[80],*p;; @@ -264,9 +361,7 @@ ASN1_STRING *v; return(1); } -int ASN1_TIME_print(bp, tm) -BIO *bp; -ASN1_TIME *tm; +int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm) { if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm); if(tm->type == V_ASN1_GENERALIZEDTIME) @@ -275,16 +370,16 @@ ASN1_TIME *tm; return(0); } +static const char *mon[12]= + { + "Jan","Feb","Mar","Apr","May","Jun", + "Jul","Aug","Sep","Oct","Nov","Dec" + }; -int ASN1_GENERALIZEDTIME_print(bp,tm) -BIO *bp; -ASN1_GENERALIZEDTIME *tm; +int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) { char *v; int gmt=0; - static char *mon[12]={ - "Jan","Feb","Mar","Apr","May","Jun", - "Jul","Aug","Sep","Oct","Nov","Dec"}; int i; int y=0,M=0,d=0,h=0,m=0,s=0; @@ -315,15 +410,10 @@ err: return(0); } -int ASN1_UTCTIME_print(bp,tm) -BIO *bp; -ASN1_UTCTIME *tm; +int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm) { char *v; int gmt=0; - static char *mon[12]={ - "Jan","Feb","Mar","Apr","May","Jun", - "Jul","Aug","Sep","Oct","Nov","Dec"}; int i; int y=0,M=0,d=0,h=0,m=0,s=0; @@ -355,10 +445,7 @@ err: return(0); } -int X509_NAME_print(bp,name,obase) -BIO *bp; -X509_NAME *name; -int obase; +int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) { char *s,*c; int ret=0,l,ll,i,first=1; @@ -373,6 +460,7 @@ int obase; c=s; for (;;) { +#ifndef CHARSET_EBCDIC if ( ((*s == '/') && ((s[1] >= 'A') && (s[1] <= 'Z') && ( (s[2] == '=') || @@ -380,6 +468,15 @@ int obase; (s[3] == '=')) ))) || (*s == '\0')) +#else + if ( ((*s == '/') && + (isupper(s[1]) && ( + (s[2] == '=') || + (isupper(s[2]) && + (s[3] == '=')) + ))) || + (*s == '\0')) +#endif { if ((l <= 0) && !first) {