diff options
| author | markus <> | 2002-09-05 12:51:52 +0000 |
|---|---|---|
| committer | markus <> | 2002-09-05 12:51:52 +0000 |
| commit | 5514995a9d5ed91db089875adb509c7781357c0e (patch) | |
| tree | 2484410a46ba6c05ef94c253da36fbceef990b64 /src/lib/libssl/src/apps/crl.c | |
| parent | fd9566423b542798f5c8b06e68101a9ea5bb9885 (diff) | |
| download | openbsd-5514995a9d5ed91db089875adb509c7781357c0e.tar.gz openbsd-5514995a9d5ed91db089875adb509c7781357c0e.tar.bz2 openbsd-5514995a9d5ed91db089875adb509c7781357c0e.zip | |
import openssl-0.9.7-beta1
Diffstat (limited to 'src/lib/libssl/src/apps/crl.c')
| -rw-r--r-- | src/lib/libssl/src/apps/crl.c | 233 |
1 files changed, 161 insertions, 72 deletions
diff --git a/src/lib/libssl/src/apps/crl.c b/src/lib/libssl/src/apps/crl.c index 2c18374ee0..00946b4d20 100644 --- a/src/lib/libssl/src/apps/crl.c +++ b/src/lib/libssl/src/apps/crl.c | |||
| @@ -60,10 +60,11 @@ | |||
| 60 | #include <stdlib.h> | 60 | #include <stdlib.h> |
| 61 | #include <string.h> | 61 | #include <string.h> |
| 62 | #include "apps.h" | 62 | #include "apps.h" |
| 63 | #include "bio.h" | 63 | #include <openssl/bio.h> |
| 64 | #include "err.h" | 64 | #include <openssl/err.h> |
| 65 | #include "x509.h" | 65 | #include <openssl/x509.h> |
| 66 | #include "pem.h" | 66 | #include <openssl/x509v3.h> |
| 67 | #include <openssl/pem.h> | ||
| 67 | 68 | ||
| 68 | #undef PROG | 69 | #undef PROG |
| 69 | #define PROG crl_main | 70 | #define PROG crl_main |
| @@ -71,15 +72,10 @@ | |||
| 71 | #undef POSTFIX | 72 | #undef POSTFIX |
| 72 | #define POSTFIX ".rvk" | 73 | #define POSTFIX ".rvk" |
| 73 | 74 | ||
| 74 | #define FORMAT_UNDEF 0 | ||
| 75 | #define FORMAT_ASN1 1 | ||
| 76 | #define FORMAT_TEXT 2 | ||
| 77 | #define FORMAT_PEM 3 | ||
| 78 | |||
| 79 | static char *crl_usage[]={ | 75 | static char *crl_usage[]={ |
| 80 | "usage: crl args\n", | 76 | "usage: crl args\n", |
| 81 | "\n", | 77 | "\n", |
| 82 | " -inform arg - input format - default PEM (one of DER, TXT or PEM)\n", | 78 | " -inform arg - input format - default PEM (DER or PEM)\n", |
| 83 | " -outform arg - output format - default PEM\n", | 79 | " -outform arg - output format - default PEM\n", |
| 84 | " -text - print out a text format version\n", | 80 | " -text - print out a text format version\n", |
| 85 | " -in arg - input file - default stdin\n", | 81 | " -in arg - input file - default stdin\n", |
| @@ -89,28 +85,36 @@ static char *crl_usage[]={ | |||
| 89 | " -lastupdate - lastUpdate field\n", | 85 | " -lastupdate - lastUpdate field\n", |
| 90 | " -nextupdate - nextUpdate field\n", | 86 | " -nextupdate - nextUpdate field\n", |
| 91 | " -noout - no CRL output\n", | 87 | " -noout - no CRL output\n", |
| 88 | " -CAfile name - verify CRL using certificates in file \"name\"\n", | ||
| 89 | " -CApath dir - verify CRL using certificates in \"dir\"\n", | ||
| 90 | " -nameopt arg - various certificate name options\n", | ||
| 92 | NULL | 91 | NULL |
| 93 | }; | 92 | }; |
| 94 | 93 | ||
| 95 | #ifndef NOPROTO | ||
| 96 | static X509_CRL *load_crl(char *file, int format); | 94 | static X509_CRL *load_crl(char *file, int format); |
| 97 | #else | ||
| 98 | static X509_CRL *load_crl(); | ||
| 99 | #endif | ||
| 100 | |||
| 101 | static BIO *bio_out=NULL; | 95 | static BIO *bio_out=NULL; |
| 102 | 96 | ||
| 103 | int MAIN(argc, argv) | 97 | int MAIN(int, char **); |
| 104 | int argc; | 98 | |
| 105 | char **argv; | 99 | int MAIN(int argc, char **argv) |
| 106 | { | 100 | { |
| 101 | unsigned long nmflag = 0; | ||
| 107 | X509_CRL *x=NULL; | 102 | X509_CRL *x=NULL; |
| 103 | char *CAfile = NULL, *CApath = NULL; | ||
| 108 | int ret=1,i,num,badops=0; | 104 | int ret=1,i,num,badops=0; |
| 109 | BIO *out=NULL; | 105 | BIO *out=NULL; |
| 110 | int informat,outformat; | 106 | int informat,outformat; |
| 111 | char *infile=NULL,*outfile=NULL; | 107 | char *infile=NULL,*outfile=NULL; |
| 112 | int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0; | 108 | int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; |
| 113 | char **pp,buf[256]; | 109 | int fingerprint = 0; |
| 110 | char **pp; | ||
| 111 | X509_STORE *store = NULL; | ||
| 112 | X509_STORE_CTX ctx; | ||
| 113 | X509_LOOKUP *lookup = NULL; | ||
| 114 | X509_OBJECT xobj; | ||
| 115 | EVP_PKEY *pkey; | ||
| 116 | int do_ver = 0; | ||
| 117 | const EVP_MD *md_alg,*digest=EVP_md5(); | ||
| 114 | 118 | ||
| 115 | apps_startup(); | 119 | apps_startup(); |
| 116 | 120 | ||
| @@ -118,9 +122,20 @@ char **argv; | |||
| 118 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) | 122 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
| 119 | BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); | 123 | BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
| 120 | 124 | ||
| 125 | if (!load_config(bio_err, NULL)) | ||
| 126 | goto end; | ||
| 127 | |||
| 121 | if (bio_out == NULL) | 128 | if (bio_out == NULL) |
| 122 | if ((bio_out=BIO_new(BIO_s_file())) != NULL) | 129 | if ((bio_out=BIO_new(BIO_s_file())) != NULL) |
| 130 | { | ||
| 123 | BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); | 131 | BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); |
| 132 | #ifdef OPENSSL_SYS_VMS | ||
| 133 | { | ||
| 134 | BIO *tmpbio = BIO_new(BIO_f_linebuffer()); | ||
| 135 | bio_out = BIO_push(tmpbio, bio_out); | ||
| 136 | } | ||
| 137 | #endif | ||
| 138 | } | ||
| 124 | 139 | ||
| 125 | informat=FORMAT_PEM; | 140 | informat=FORMAT_PEM; |
| 126 | outformat=FORMAT_PEM; | 141 | outformat=FORMAT_PEM; |
| @@ -147,10 +162,6 @@ char **argv; | |||
| 147 | if (--argc < 1) goto bad; | 162 | if (--argc < 1) goto bad; |
| 148 | outformat=str2fmt(*(++argv)); | 163 | outformat=str2fmt(*(++argv)); |
| 149 | } | 164 | } |
| 150 | else if (strcmp(*argv,"-text") == 0) | ||
| 151 | { | ||
| 152 | outformat=FORMAT_TEXT; | ||
| 153 | } | ||
| 154 | else if (strcmp(*argv,"-in") == 0) | 165 | else if (strcmp(*argv,"-in") == 0) |
| 155 | { | 166 | { |
| 156 | if (--argc < 1) goto bad; | 167 | if (--argc < 1) goto bad; |
| @@ -161,8 +172,29 @@ char **argv; | |||
| 161 | if (--argc < 1) goto bad; | 172 | if (--argc < 1) goto bad; |
| 162 | outfile= *(++argv); | 173 | outfile= *(++argv); |
| 163 | } | 174 | } |
| 175 | else if (strcmp(*argv,"-CApath") == 0) | ||
| 176 | { | ||
| 177 | if (--argc < 1) goto bad; | ||
| 178 | CApath = *(++argv); | ||
| 179 | do_ver = 1; | ||
| 180 | } | ||
| 181 | else if (strcmp(*argv,"-CAfile") == 0) | ||
| 182 | { | ||
| 183 | if (--argc < 1) goto bad; | ||
| 184 | CAfile = *(++argv); | ||
| 185 | do_ver = 1; | ||
| 186 | } | ||
| 187 | else if (strcmp(*argv,"-verify") == 0) | ||
| 188 | do_ver = 1; | ||
| 189 | else if (strcmp(*argv,"-text") == 0) | ||
| 190 | text = 1; | ||
| 164 | else if (strcmp(*argv,"-hash") == 0) | 191 | else if (strcmp(*argv,"-hash") == 0) |
| 165 | hash= ++num; | 192 | hash= ++num; |
| 193 | else if (strcmp(*argv,"-nameopt") == 0) | ||
| 194 | { | ||
| 195 | if (--argc < 1) goto bad; | ||
| 196 | if (!set_name_ex(&nmflag, *(++argv))) goto bad; | ||
| 197 | } | ||
| 166 | else if (strcmp(*argv,"-issuer") == 0) | 198 | else if (strcmp(*argv,"-issuer") == 0) |
| 167 | issuer= ++num; | 199 | issuer= ++num; |
| 168 | else if (strcmp(*argv,"-lastupdate") == 0) | 200 | else if (strcmp(*argv,"-lastupdate") == 0) |
| @@ -171,6 +203,13 @@ char **argv; | |||
| 171 | nextupdate= ++num; | 203 | nextupdate= ++num; |
| 172 | else if (strcmp(*argv,"-noout") == 0) | 204 | else if (strcmp(*argv,"-noout") == 0) |
| 173 | noout= ++num; | 205 | noout= ++num; |
| 206 | else if (strcmp(*argv,"-fingerprint") == 0) | ||
| 207 | fingerprint= ++num; | ||
| 208 | else if ((md_alg=EVP_get_digestbyname(*argv + 1))) | ||
| 209 | { | ||
| 210 | /* ok */ | ||
| 211 | digest=md_alg; | ||
| 212 | } | ||
| 174 | else | 213 | else |
| 175 | { | 214 | { |
| 176 | BIO_printf(bio_err,"unknown option %s\n",*argv); | 215 | BIO_printf(bio_err,"unknown option %s\n",*argv); |
| @@ -181,19 +220,11 @@ char **argv; | |||
| 181 | argv++; | 220 | argv++; |
| 182 | } | 221 | } |
| 183 | 222 | ||
| 184 | if (outformat == FORMAT_TEXT) | ||
| 185 | { | ||
| 186 | num=0; | ||
| 187 | issuer= ++num; | ||
| 188 | lastupdate= ++num; | ||
| 189 | nextupdate= ++num; | ||
| 190 | } | ||
| 191 | |||
| 192 | if (badops) | 223 | if (badops) |
| 193 | { | 224 | { |
| 194 | bad: | 225 | bad: |
| 195 | for (pp=crl_usage; (*pp != NULL); pp++) | 226 | for (pp=crl_usage; (*pp != NULL); pp++) |
| 196 | BIO_printf(bio_err,*pp); | 227 | BIO_printf(bio_err,"%s",*pp); |
| 197 | goto end; | 228 | goto end; |
| 198 | } | 229 | } |
| 199 | 230 | ||
| @@ -201,41 +232,100 @@ bad: | |||
| 201 | x=load_crl(infile,informat); | 232 | x=load_crl(infile,informat); |
| 202 | if (x == NULL) { goto end; } | 233 | if (x == NULL) { goto end; } |
| 203 | 234 | ||
| 235 | if(do_ver) { | ||
| 236 | store = X509_STORE_new(); | ||
| 237 | lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); | ||
| 238 | if (lookup == NULL) goto end; | ||
| 239 | if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) | ||
| 240 | X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); | ||
| 241 | |||
| 242 | lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); | ||
| 243 | if (lookup == NULL) goto end; | ||
| 244 | if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) | ||
| 245 | X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); | ||
| 246 | ERR_clear_error(); | ||
| 247 | |||
| 248 | if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) { | ||
| 249 | BIO_printf(bio_err, | ||
| 250 | "Error initialising X509 store\n"); | ||
| 251 | goto end; | ||
| 252 | } | ||
| 253 | |||
| 254 | i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, | ||
| 255 | X509_CRL_get_issuer(x), &xobj); | ||
| 256 | if(i <= 0) { | ||
| 257 | BIO_printf(bio_err, | ||
| 258 | "Error getting CRL issuer certificate\n"); | ||
| 259 | goto end; | ||
| 260 | } | ||
| 261 | pkey = X509_get_pubkey(xobj.data.x509); | ||
| 262 | X509_OBJECT_free_contents(&xobj); | ||
| 263 | if(!pkey) { | ||
| 264 | BIO_printf(bio_err, | ||
| 265 | "Error getting CRL issuer public key\n"); | ||
| 266 | goto end; | ||
| 267 | } | ||
| 268 | i = X509_CRL_verify(x, pkey); | ||
| 269 | EVP_PKEY_free(pkey); | ||
| 270 | if(i < 0) goto end; | ||
| 271 | if(i == 0) BIO_printf(bio_err, "verify failure\n"); | ||
| 272 | else BIO_printf(bio_err, "verify OK\n"); | ||
| 273 | } | ||
| 274 | |||
| 204 | if (num) | 275 | if (num) |
| 205 | { | 276 | { |
| 206 | for (i=1; i<=num; i++) | 277 | for (i=1; i<=num; i++) |
| 207 | { | 278 | { |
| 208 | if (issuer == i) | 279 | if (issuer == i) |
| 209 | { | 280 | { |
| 210 | X509_NAME_oneline(x->crl->issuer,buf,256); | 281 | print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); |
| 211 | fprintf(stdout,"issuer= %s\n",buf); | ||
| 212 | } | 282 | } |
| 213 | 283 | ||
| 214 | if (hash == i) | 284 | if (hash == i) |
| 215 | { | 285 | { |
| 216 | fprintf(stdout,"%08lx\n", | 286 | BIO_printf(bio_out,"%08lx\n", |
| 217 | X509_NAME_hash(x->crl->issuer)); | 287 | X509_NAME_hash(X509_CRL_get_issuer(x))); |
| 218 | } | 288 | } |
| 219 | if (lastupdate == i) | 289 | if (lastupdate == i) |
| 220 | { | 290 | { |
| 221 | fprintf(stdout,"lastUpdate="); | 291 | BIO_printf(bio_out,"lastUpdate="); |
| 222 | ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate); | 292 | ASN1_TIME_print(bio_out, |
| 223 | fprintf(stdout,"\n"); | 293 | X509_CRL_get_lastUpdate(x)); |
| 294 | BIO_printf(bio_out,"\n"); | ||
| 224 | } | 295 | } |
| 225 | if (nextupdate == i) | 296 | if (nextupdate == i) |
| 226 | { | 297 | { |
| 227 | fprintf(stdout,"nextUpdate="); | 298 | BIO_printf(bio_out,"nextUpdate="); |
| 228 | if (x->crl->nextUpdate != NULL) | 299 | if (X509_CRL_get_nextUpdate(x)) |
| 229 | ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate); | 300 | ASN1_TIME_print(bio_out, |
| 301 | X509_CRL_get_nextUpdate(x)); | ||
| 230 | else | 302 | else |
| 231 | fprintf(stdout,"NONE"); | 303 | BIO_printf(bio_out,"NONE"); |
| 232 | fprintf(stdout,"\n"); | 304 | BIO_printf(bio_out,"\n"); |
| 305 | } | ||
| 306 | if (fingerprint == i) | ||
| 307 | { | ||
| 308 | int j; | ||
| 309 | unsigned int n; | ||
| 310 | unsigned char md[EVP_MAX_MD_SIZE]; | ||
| 311 | |||
| 312 | if (!X509_CRL_digest(x,digest,md,&n)) | ||
| 313 | { | ||
| 314 | BIO_printf(bio_err,"out of memory\n"); | ||
| 315 | goto end; | ||
| 316 | } | ||
| 317 | BIO_printf(bio_out,"%s Fingerprint=", | ||
| 318 | OBJ_nid2sn(EVP_MD_type(digest))); | ||
| 319 | for (j=0; j<(int)n; j++) | ||
| 320 | { | ||
| 321 | BIO_printf(bio_out,"%02X%c",md[j], | ||
| 322 | (j+1 == (int)n) | ||
| 323 | ?'\n':':'); | ||
| 324 | } | ||
| 233 | } | 325 | } |
| 234 | } | 326 | } |
| 235 | } | 327 | } |
| 236 | 328 | ||
| 237 | if (noout) goto end; | ||
| 238 | |||
| 239 | out=BIO_new(BIO_s_file()); | 329 | out=BIO_new(BIO_s_file()); |
| 240 | if (out == NULL) | 330 | if (out == NULL) |
| 241 | { | 331 | { |
| @@ -244,7 +334,15 @@ bad: | |||
| 244 | } | 334 | } |
| 245 | 335 | ||
| 246 | if (outfile == NULL) | 336 | if (outfile == NULL) |
| 337 | { | ||
| 247 | BIO_set_fp(out,stdout,BIO_NOCLOSE); | 338 | BIO_set_fp(out,stdout,BIO_NOCLOSE); |
| 339 | #ifdef OPENSSL_SYS_VMS | ||
| 340 | { | ||
| 341 | BIO *tmpbio = BIO_new(BIO_f_linebuffer()); | ||
| 342 | out = BIO_push(tmpbio, out); | ||
| 343 | } | ||
| 344 | #endif | ||
| 345 | } | ||
| 248 | else | 346 | else |
| 249 | { | 347 | { |
| 250 | if (BIO_write_filename(out,outfile) <= 0) | 348 | if (BIO_write_filename(out,outfile) <= 0) |
| @@ -254,27 +352,14 @@ bad: | |||
| 254 | } | 352 | } |
| 255 | } | 353 | } |
| 256 | 354 | ||
| 355 | if (text) X509_CRL_print(out, x); | ||
| 356 | |||
| 357 | if (noout) goto end; | ||
| 358 | |||
| 257 | if (outformat == FORMAT_ASN1) | 359 | if (outformat == FORMAT_ASN1) |
| 258 | i=(int)i2d_X509_CRL_bio(out,x); | 360 | i=(int)i2d_X509_CRL_bio(out,x); |
| 259 | else if (outformat == FORMAT_PEM) | 361 | else if (outformat == FORMAT_PEM) |
| 260 | i=PEM_write_bio_X509_CRL(out,x); | 362 | i=PEM_write_bio_X509_CRL(out,x); |
| 261 | else if (outformat == FORMAT_TEXT) | ||
| 262 | { | ||
| 263 | X509_REVOKED *r; | ||
| 264 | STACK *sk; | ||
| 265 | |||
| 266 | sk=sk_dup(x->crl->revoked); | ||
| 267 | while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL) | ||
| 268 | { | ||
| 269 | fprintf(stdout,"revoked: serialNumber="); | ||
| 270 | i2a_ASN1_INTEGER(out,r->serialNumber); | ||
| 271 | fprintf(stdout," revocationDate="); | ||
| 272 | ASN1_UTCTIME_print(bio_out,r->revocationDate); | ||
| 273 | fprintf(stdout,"\n"); | ||
| 274 | } | ||
| 275 | sk_free(sk); | ||
| 276 | i=1; | ||
| 277 | } | ||
| 278 | else | 363 | else |
| 279 | { | 364 | { |
| 280 | BIO_printf(bio_err,"bad output format specified for outfile\n"); | 365 | BIO_printf(bio_err,"bad output format specified for outfile\n"); |
| @@ -283,15 +368,19 @@ bad: | |||
| 283 | if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } | 368 | if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } |
| 284 | ret=0; | 369 | ret=0; |
| 285 | end: | 370 | end: |
| 286 | if (out != NULL) BIO_free(out); | 371 | BIO_free_all(out); |
| 287 | if (bio_out != NULL) BIO_free(bio_out); | 372 | BIO_free_all(bio_out); |
| 288 | if (x != NULL) X509_CRL_free(x); | 373 | bio_out=NULL; |
| 374 | X509_CRL_free(x); | ||
| 375 | if(store) { | ||
| 376 | X509_STORE_CTX_cleanup(&ctx); | ||
| 377 | X509_STORE_free(store); | ||
| 378 | } | ||
| 379 | apps_shutdown(); | ||
| 289 | EXIT(ret); | 380 | EXIT(ret); |
| 290 | } | 381 | } |
| 291 | 382 | ||
| 292 | static X509_CRL *load_crl(infile, format) | 383 | static X509_CRL *load_crl(char *infile, int format) |
| 293 | char *infile; | ||
| 294 | int format; | ||
| 295 | { | 384 | { |
| 296 | X509_CRL *x=NULL; | 385 | X509_CRL *x=NULL; |
| 297 | BIO *in=NULL; | 386 | BIO *in=NULL; |
| @@ -316,7 +405,7 @@ int format; | |||
| 316 | if (format == FORMAT_ASN1) | 405 | if (format == FORMAT_ASN1) |
| 317 | x=d2i_X509_CRL_bio(in,NULL); | 406 | x=d2i_X509_CRL_bio(in,NULL); |
| 318 | else if (format == FORMAT_PEM) | 407 | else if (format == FORMAT_PEM) |
| 319 | x=PEM_read_bio_X509_CRL(in,NULL,NULL); | 408 | x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); |
| 320 | else { | 409 | else { |
| 321 | BIO_printf(bio_err,"bad input format specified for input crl\n"); | 410 | BIO_printf(bio_err,"bad input format specified for input crl\n"); |
| 322 | goto end; | 411 | goto end; |
| @@ -329,7 +418,7 @@ int format; | |||
| 329 | } | 418 | } |
| 330 | 419 | ||
| 331 | end: | 420 | end: |
| 332 | if (in != NULL) BIO_free(in); | 421 | BIO_free(in); |
| 333 | return(x); | 422 | return(x); |
| 334 | } | 423 | } |
| 335 | 424 | ||