Overhaul 'crl' application, add a proper X509_CRL_print function and start
authorDr. Stephen Henson <steve@openssl.org>
Fri, 19 Feb 1999 01:29:29 +0000 (01:29 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 19 Feb 1999 01:29:29 +0000 (01:29 +0000)
to support CRL extensions.

16 files changed:
CHANGES
apps/crl.c
crypto/asn1/Makefile.ssl
crypto/asn1/t_crl.c [new file with mode: 0644]
crypto/objects/obj_dat.h
crypto/objects/objects.h
crypto/x509/x509.h
crypto/x509v3/Makefile.ssl
crypto/x509v3/v3_bitst.c
crypto/x509v3/v3_int.c [new file with mode: 0644]
crypto/x509v3/v3_lib.c
crypto/x509v3/v3_pku.c
crypto/x509v3/v3_utl.c
crypto/x509v3/v3err.c
crypto/x509v3/x509v3.err
crypto/x509v3/x509v3.h

diff --git a/CHANGES b/CHANGES
index 1b735ea..2e47692 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+     for some CRL extensions and new objects added.
+     [Steve Henson]
+
   *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
      key usage extension and fuller support for authority key id.
      [Steve Henson]
index a0098e9..a35e857 100644 (file)
@@ -63,6 +63,7 @@
 #include "bio.h"
 #include "err.h"
 #include "x509.h"
+#include "x509v3.h"
 #include "pem.h"
 
 #undef PROG
@@ -104,7 +105,7 @@ char **argv;
        BIO *out=NULL;
        int informat,outformat;
        char *infile=NULL,*outfile=NULL;
-       int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
+       int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
        char **pp,buf[256];
 
        apps_startup();
@@ -142,10 +143,6 @@ char **argv;
                        if (--argc < 1) goto bad;
                        outformat=str2fmt(*(++argv));
                        }
-               else if (strcmp(*argv,"-text") == 0)
-                       {
-                       outformat=FORMAT_TEXT;
-                       }
                else if (strcmp(*argv,"-in") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -156,6 +153,8 @@ char **argv;
                        if (--argc < 1) goto bad;
                        outfile= *(++argv);
                        }
+               else if (strcmp(*argv,"-text") == 0)
+                       text = 1;
                else if (strcmp(*argv,"-hash") == 0)
                        hash= ++num;
                else if (strcmp(*argv,"-issuer") == 0)
@@ -176,14 +175,6 @@ char **argv;
                argv++;
                }
 
-       if (outformat == FORMAT_TEXT)
-               {
-               num=0;
-               issuer= ++num;
-               lastupdate= ++num;
-               nextupdate= ++num;
-               }
-
        if (badops)
                {
 bad:
@@ -193,6 +184,7 @@ bad:
                }
 
        ERR_load_crypto_strings();
+       X509V3_add_standard_extensions();
        x=load_crl(infile,informat);
        if (x == NULL) { goto end; }
 
@@ -203,28 +195,28 @@ bad:
                        if (issuer == i)
                                {
                                X509_NAME_oneline(x->crl->issuer,buf,256);
-                               fprintf(stdout,"issuer= %s\n",buf);
+                               BIO_printf(bio_out,"issuer= %s\n",buf);
                                }
 
                        if (hash == i)
                                {
-                               fprintf(stdout,"%08lx\n",
+                               BIO_printf(bio_out,"%08lx\n",
                                        X509_NAME_hash(x->crl->issuer));
                                }
                        if (lastupdate == i)
                                {
-                               fprintf(stdout,"lastUpdate=");
+                               BIO_printf(bio_out,"lastUpdate=");
                                ASN1_TIME_print(bio_out,x->crl->lastUpdate);
-                               fprintf(stdout,"\n");
+                               BIO_printf(bio_out,"\n");
                                }
                        if (nextupdate == i)
                                {
-                               fprintf(stdout,"nextUpdate=");
+                               BIO_printf(bio_out,"nextUpdate=");
                                if (x->crl->nextUpdate != NULL)
                                        ASN1_TIME_print(bio_out,x->crl->nextUpdate);
                                else
-                                       fprintf(stdout,"NONE");
-                               fprintf(stdout,"\n");
+                                       BIO_printf(bio_out,"NONE");
+                               BIO_printf(bio_out,"\n");
                                }
                        }
                }
@@ -249,27 +241,11 @@ bad:
                        }
                }
 
+       if (text) X509_CRL_print(out, x);
        if      (outformat == FORMAT_ASN1)
                i=(int)i2d_X509_CRL_bio(out,x);
        else if (outformat == FORMAT_PEM)
                i=PEM_write_bio_X509_CRL(out,x);
-       else if (outformat == FORMAT_TEXT)
-               {
-               X509_REVOKED *r;
-               STACK *sk;
-
-               sk=sk_dup(x->crl->revoked);
-               while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)
-                       {
-                       fprintf(stdout,"revoked: serialNumber=");
-                       i2a_ASN1_INTEGER(out,r->serialNumber);
-                       fprintf(stdout," revocationDate=");
-                       ASN1_TIME_print(bio_out,r->revocationDate);
-                       fprintf(stdout,"\n");
-                       }
-               sk_free(sk);
-               i=1;
-               }
        else    
                {
                BIO_printf(bio_err,"bad output format specified for outfile\n");
@@ -278,9 +254,10 @@ bad:
        if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
        ret=0;
 end:
-       if (out != NULL) BIO_free(out);
-       if (bio_out != NULL) BIO_free(bio_out);
-       if (x != NULL) X509_CRL_free(x);
+       BIO_free(out);
+       BIO_free(bio_out);
+       X509_CRL_free(x);
+       X509V3_EXT_cleanup();
        EXIT(ret);
        }
 
@@ -324,7 +301,7 @@ int format;
                }
        
 end:
-       if (in != NULL) BIO_free(in);
+       BIO_free(in);
        return(x);
        }
 
index 1a467dc..68f31e0 100644 (file)
@@ -30,7 +30,7 @@ LIBSRC=       a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
        d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
        d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
-       t_req.c t_x509.c t_pkey.c \
+       t_req.c t_x509.c t_crl.c t_pkey.c \
        p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
        p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
        f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
@@ -45,7 +45,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
        d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
        d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
        d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
-       t_req.o t_x509.o t_pkey.o \
+       t_req.o t_x509.o t_crl.o t_pkey.o \
        p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
        p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
        f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c
new file mode 100644 (file)
index 0000000..5eafa18
--- /dev/null
@@ -0,0 +1,173 @@
+/* t_crl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn.h"
+#include "objects.h"
+#include "x509.h"
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static void ext_print(BIO *out, X509_EXTENSION *ex);
+#else
+static void ext_print();
+#endif
+
+#ifndef NO_FP_API
+int X509_CRL_print_fp(fp,x)
+FILE *fp;
+X509_CRL *x;
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+               {
+               X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+               }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_CRL_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+void X509_CRL_print(out, x)
+BIO *out;
+X509_CRL *x;
+{
+       char buf[256];
+       unsigned char *s;
+       STACK *rev;
+       X509_REVOKED *r;
+       long l;
+       int i, j, n;
+
+       BIO_printf(out, "Certificate Revocation List (CRL):\n");
+       l = X509_CRL_get_version(x);
+       BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
+       i = OBJ_obj2nid(x->sig_alg->algorithm);
+       BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+                                (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+       X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256);
+       BIO_printf(out,"%8sIssuer: %s\n","",buf);
+       BIO_printf(out,"%8sLast Update: ","");
+       ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
+       BIO_printf(out,"\n%8sNext Update: ","");
+       if (X509_CRL_get_nextUpdate(x))
+                ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
+       else BIO_printf(out,"NONE");
+       BIO_printf(out,"\n");
+
+       n=X509_CRL_get_ext_count(x);
+       if (n > 0) {
+               BIO_printf(out,"%8sCRL extensions:\n","");
+               for (i=0; i<n; i++) ext_print(out, X509_CRL_get_ext(x, i));
+       }
+
+
+       rev = X509_CRL_get_REVOKED(x);
+
+       if(sk_num(rev)) BIO_printf(out, "Revoked Certificates:\n");
+       else BIO_printf(out, "No Revoked Certificates.\n");
+
+       for(i = 0; i < sk_num(rev); i++) {
+               r = (X509_REVOKED *) sk_value(rev, i);
+               BIO_printf(out,"    Serial Number: ");
+               i2a_ASN1_INTEGER(out,r->serialNumber);
+               BIO_printf(out,"\n        Revocation Date: ","");
+               ASN1_TIME_print(out,r->revocationDate);
+               BIO_printf(out,"\n");
+               for(j = 0; j < X509_REVOKED_get_ext_count(r); j++)
+                               ext_print(out, X509_REVOKED_get_ext(r, j));
+       }
+
+       i=OBJ_obj2nid(x->sig_alg->algorithm);
+       BIO_printf(out,"    Signature Algorithm: %s",
+                               (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+
+       s = x->signature->data;
+       n = x->signature->length;
+       for (i=0; i<n; i++, s++)
+       {
+               if ((i%18) == 0) BIO_write(out,"\n        ",9);
+               BIO_printf(out,"%02x%s",*s, ((i+1) == n)?"":":");
+       }
+       BIO_write(out,"\n",1);
+
+
+}
+
+static void ext_print(out, ex)
+BIO *out;
+X509_EXTENSION *ex;
+{
+       ASN1_OBJECT *obj;
+       int j;
+       BIO_printf(out,"%12s","");
+       obj=X509_EXTENSION_get_object(ex);
+       i2a_ASN1_OBJECT(out,obj);
+       j=X509_EXTENSION_get_critical(ex);
+       BIO_printf(out, ": %s\n%16s", j ? "critical":"","");
+       if(!X509V3_EXT_print(out, ex, 0))
+                                ASN1_OCTET_STRING_print(out,ex->value);
+       BIO_write(out,"\n",1);
+}
index 07c0e54..5362bad 100644 (file)
  * perl obj_dat.pl < objects.h > obj_dat.h
  */
 
-#define NUM_NID 140
-#define NUM_SN 111
-#define NUM_LN 136
-#define NUM_OBJ 112
+#define NUM_NID 143
+#define NUM_SN 114
+#define NUM_LN 139
+#define NUM_OBJ 115
 
-static unsigned char lvalues[726]={
+static unsigned char lvalues[735]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -179,6 +179,9 @@ static unsigned char lvalues[726]={
 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [696] OBJ_ms_sgc */
 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [706] OBJ_ms_efs */
 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [716] OBJ_ns_sgc */
+0x55,0x1D,0x1B,                              /* [725] OBJ_delta_crl */
+0x55,0x1D,0x15,                              /* [728] OBJ_crl_reason */
+0x55,0x1D,0x18,                              /* [731] OBJ_invalidity_date */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -372,6 +375,11 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
        &(lvalues[706]),0},
 {"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[716]),0},
+{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
+       &(lvalues[725]),0},
+{"CRLReason","CRL Reason Code",NID_crl_reason,3,&(lvalues[728]),0},
+{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
+       &(lvalues[731]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -385,6 +393,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[109]),/* "CAST5-ECB" */
 &(nid_objs[111]),/* "CAST5-OFB" */
 &(nid_objs[13]),/* "CN" */
+&(nid_objs[141]),/* "CRLReason" */
 &(nid_objs[107]),/* "D" */
 &(nid_objs[31]),/* "DES-CBC" */
 &(nid_objs[30]),/* "DES-CFB" */
@@ -458,9 +467,11 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[131]),/* "codeSigning" */
 &(nid_objs[103]),/* "crlDistributionPoints" */
 &(nid_objs[88]),/* "crlNumber" */
+&(nid_objs[140]),/* "deltaCRL" */
 &(nid_objs[132]),/* "emailProtection" */
 &(nid_objs[126]),/* "extendedKeyUsage" */
 &(nid_objs[128]),/* "id-kp" */
+&(nid_objs[142]),/* "invalidityDate" */
 &(nid_objs[86]),/* "issuerAltName" */
 &(nid_objs[83]),/* "keyUsage" */
 &(nid_objs[81]),/* "ld-ce" */
@@ -489,8 +500,10 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 };
 
 static ASN1_OBJECT *ln_objs[NUM_LN]={
+&(nid_objs[141]),/* "CRL Reason Code" */
 &(nid_objs[131]),/* "Code Signing" */
 &(nid_objs[132]),/* "E-mail Protection" */
+&(nid_objs[142]),/* "Invalidity Date" */
 &(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
 &(nid_objs[138]),/* "Microsoft Encrypted File System" */
 &(nid_objs[134]),/* "Microsoft Individual Code Signing" */
@@ -519,6 +532,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
 &(nid_objs[88]),/* "X509v3 CRL Number" */
 &(nid_objs[89]),/* "X509v3 Certificate Policies" */
+&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
 &(nid_objs[126]),/* "X509v3 Extended Key Usage" */
 &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
 &(nid_objs[83]),/* "X509v3 Key Usage" */
@@ -652,6 +666,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */
 &(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
 &(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
+&(nid_objs[141]),/* OBJ_crl_reason                   2 5 29 21 */
+&(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */
+&(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */
 &(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
 &(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
 &(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
@@ -659,8 +676,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
 &(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
 &(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
-&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666.2 */
 &(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666.1 */
+&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666.2 */
 &(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
 &(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
 &(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
index bfcb90a..6ee2d4f 100644 (file)
@@ -739,6 +739,21 @@ extern "C" {
 #define NID_ns_sgc                     139
 #define OBJ_ns_sgc                     OBJ_netscape,4L,1L
 
+#define SN_delta_crl                   "deltaCRL"
+#define LN_delta_crl                   "X509v3 Delta CRL Indicator"
+#define NID_delta_crl                  140
+#define OBJ_delta_crl                  OBJ_ld_ce,27L
+
+#define SN_crl_reason                  "CRLReason"
+#define LN_crl_reason                  "CRL Reason Code"
+#define NID_crl_reason                 141
+#define OBJ_crl_reason                 OBJ_ld_ce,21L
+
+#define SN_invalidity_date             "invalidityDate"
+#define LN_invalidity_date             "Invalidity Date"
+#define NID_invalidity_date            142
+#define OBJ_invalidity_date            OBJ_ld_ce,24L
+
 #include "bio.h"
 #include "asn1.h"
 
index 5aa239a..694689e 100644 (file)
@@ -1,3 +1,4 @@
+
 /* crypto/x509/x509.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
@@ -487,6 +488,12 @@ typedef struct CBCParameter_st
 #define                X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
 #define                X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
 
+#define                X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
+#define        X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
+#define        X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
+#define                X509_CRL_get_issuer(x) ((x)->crl->issuer)
+#define                X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+
 /* This one is only used so that a binary form can output, as in
  * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
 #define        X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
@@ -734,12 +741,14 @@ unsigned long     X509_NAME_hash(X509_NAME *x);
 int            X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
 #ifndef NO_FP_API
 int            X509_print_fp(FILE *bp,X509 *x);
+int            X509_CRL_print_fp(FILE *bp,X509_CRL *x);
 int            X509_REQ_print_fp(FILE *bp,X509_REQ *req);
 #endif
 
 #ifdef HEADER_BIO_H
 int            X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
 int            X509_print(BIO *bp,X509 *x);
+int            X509_CRL_print(BIO *bp,X509_CRL *x);
 int            X509_REQ_print(BIO *bp,X509_REQ *req);
 #endif
 
@@ -1049,11 +1058,13 @@ unsigned long   X509_NAME_hash();
 int            X509_CRL_cmp();
 #ifndef NO_FP_API
 int            X509_print_fp();
+int            X509_CRL_print_fp();
 int            X509_REQ_print_fp();
 #endif
 
 int            X509_NAME_print();
 int            X509_print();
+int            X509_CRL_print();
 int            X509_REQ_print();
 
 int            X509_NAME_entry_count();
index 500cfd3..77604d6 100644 (file)
@@ -24,9 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC=        v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
 v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c
+v3_pku.c v3_int.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
-v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+v3_int.o
 
 SRC= $(LIBSRC)
 
index 3e5d0d9..2b2cc59 100644 (file)
@@ -1,4 +1,4 @@
-/* v3_bitstr.c */
+/* v3_bitst.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
  * project 1999.
  */
diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c
new file mode 100644 (file)
index 0000000..6c966b3
--- /dev/null
@@ -0,0 +1,80 @@
+/* v3_int.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <err.h>
+#include "x509v3.h"
+
+static ASN1_INTEGER *asn1_integer_new();
+
+X509V3_EXT_METHOD v3_crl_num = { 
+NID_crl_number, 0,
+(X509V3_EXT_NEW)asn1_integer_new, ASN1_STRING_free,
+(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
+i2d_ASN1_INTEGER,
+(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+(X509V3_EXT_S2I)NULL,
+NULL, NULL, NULL, NULL};
+
+
+static ASN1_INTEGER *asn1_integer_new()
+{
+       return ASN1_INTEGER_new();
+}
index c9e9cba..7b6bda4 100644 (file)
@@ -150,6 +150,8 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern X509V3_EXT_METHOD v3_pkey_usage_period;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 
+extern X509V3_EXT_METHOD v3_crl_num;
+
 int X509V3_add_standard_extensions()
 {
        X509V3_EXT_add_list(v3_ns_ia5_list);
@@ -161,6 +163,7 @@ int X509V3_add_standard_extensions()
        X509V3_EXT_add(&v3_skey_id);
        X509V3_EXT_add(&v3_akey_id);
        X509V3_EXT_add(&v3_pkey_usage_period);
+       X509V3_EXT_add(&v3_crl_num);
        return 1;
 }
 
index f6d314f..7de1718 100644 (file)
@@ -1,4 +1,4 @@
-/* v3_akey.c */
+/* v3_pku.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
  * project 1999.
  */
index 45a3a56..2b4d079 100644 (file)
@@ -133,19 +133,30 @@ STACK **extlist;
        return 1;
 }
 
+char *i2s_ASN1_INTEGER(method, a)
+X509V3_EXT_METHOD *method;
+ASN1_INTEGER *a;
+{
+       BIGNUM *bntmp = NULL;
+       char *strtmp = NULL;
+       if(!a) return NULL;
+       if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
+           !(strtmp = BN_bn2dec(bntmp)) )
+               X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+       BN_free(bntmp);
+       return strtmp;
+}
+
 int X509V3_add_value_int(name, aint, extlist)
 char *name;
 ASN1_INTEGER *aint;
 STACK **extlist;
 {
-       BIGNUM *bntmp;
        char *strtmp;
        int ret;
        if(!aint) return 1;
-       bntmp = ASN1_INTEGER_to_BN(aint, NULL);
-       strtmp = BN_bn2dec(bntmp);
+       if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
        ret = X509V3_add_value(name, strtmp, extlist);
-       BN_free(bntmp);
        Free(strtmp);
        return ret;
 }
index 50dff95..41367e0 100644 (file)
@@ -64,6 +64,7 @@
 static ERR_STRING_DATA X509V3_str_functs[]=
        {
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0),      "I2S_ASN1_INTEGER"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0),    "S2I_ASN1_IA5STRING"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0),      "S2I_ASN1_SKEY_ID"},
index 0b9fb62..fddbafd 100644 (file)
@@ -2,6 +2,7 @@
 
 /* Function codes. */
 #define X509V3_F_HEX_TO_STRING                          111
+#define X509V3_F_I2S_ASN1_INTEGER                       120
 #define X509V3_F_S2I_ASN1_IA5STRING                     100
 #define X509V3_F_S2I_ASN1_OCTET_STRING                  112
 #define X509V3_F_S2I_ASN1_SKEY_ID                       114
index 75a18b9..c6f7a48 100644 (file)
@@ -250,6 +250,7 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
 int X509V3_add_value(char *name, char *value, STACK **extlist);
 int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist);
 int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist);
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
 int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
 int X509V3_EXT_add_alias(int nid_to, int nid_from);
 void X509V3_EXT_cleanup(void);
@@ -315,6 +316,7 @@ int X509V3_get_value_int();
 int X509V3_add_value();
 int X509V3_add_value_bool();
 int X509V3_add_value_int();
+char *i2s_ASN1_INTEGER();
 int X509V3_EXT_add();
 int X509V3_EXT_add_alias();
 void X509V3_EXT_cleanup();
@@ -338,6 +340,7 @@ int X509V3_EXT_print_fp();
 
 /* Function codes. */
 #define X509V3_F_HEX_TO_STRING                          111
+#define X509V3_F_I2S_ASN1_INTEGER                       120
 #define X509V3_F_S2I_ASN1_IA5STRING                     100
 #define X509V3_F_S2I_ASN1_OCTET_STRING                  112
 #define X509V3_F_S2I_ASN1_SKEY_ID                       114