authorjsing <>2014-08-28 14:01:32 +0000
committerjsing <>2014-08-28 14:01:32 +0000
commitf430ac8944374866d079eae7d55e530af6edae73 (patch)
tree8dc6f56c3904b6b218d9df17fe6516dd25cd1083 /src
parent20dd3d98ab544891d2ff1d18d858c7e1820c1553 (diff)
Convert openssl(1) crl to new option/usage handling.
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/openssl/crl.c432
1 files changed, 246 insertions, 186 deletions
diff --git a/src/usr.bin/openssl/crl.c b/src/usr.bin/openssl/crl.c
index 04de5a2f12..ef0198c733 100644
--- a/src/usr.bin/openssl/crl.c
+++ b/src/usr.bin/openssl/crl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: crl.c,v 1.1 2014/08/26 17:47:24 jsing Exp $ */ 1/* $OpenBSD: crl.c,v 1.2 2014/08/28 14:01:32 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -70,30 +70,150 @@
70 70
71#define POSTFIX ".rvk" 71#define POSTFIX ".rvk"
72 72
73static const char *crl_usage[] = { 73static struct {
74 "usage: crl args\n", 74 char *cafile;
75 "\n", 75 char *capath;
76 " -inform arg - input format - default PEM (DER or PEM)\n", 76 int crlnumber;
77 " -outform arg - output format - default PEM\n", 77 int fingerprint;
78 " -text - print out a text format version\n", 78 int hash;
79 " -in arg - input file - default stdin\n", 79 int hash_old;
80 " -out arg - output file - default stdout\n", 80 char *infile;
81 " -hash - print hash value\n", 81 int informat;
82#ifndef OPENSSL_NO_MD5 82 int issuer;
83 " -hash_old - print old-style (MD5) hash value\n", 83 int lastupdate;
84#endif 84 char *nameopt;
85 " -fingerprint - print the crl fingerprint\n", 85 int nextupdate;
86 " -issuer - print issuer DN\n", 86 int noout;
87 " -lastupdate - lastUpdate field\n", 87 char *outfile;
88 " -nextupdate - nextUpdate field\n", 88 int outformat;
89 " -crlnumber - print CRL number\n", 89 int text;
90 " -noout - no CRL output\n", 90 int verify;
91 " -CAfile name - verify CRL using certificates in file \"name\"\n", 91} crl_config;
92 " -CApath dir - verify CRL using certificates in \"dir\"\n", 92
93 " -nameopt arg - various certificate name options\n", 93static struct option crl_options[] = {
94 NULL 94 {
95 .name = "CAfile",
96 .argname = "file",
97 .desc = "Verify the CRL using certificates in the given file",
98 .type = OPTION_ARG,
99 .opt.arg = &crl_config.cafile,
100 },
101 {
102 .name = "CApath",
103 .argname = "path",
104 .desc = "Verify the CRL using certificates in the given path",
105 .type = OPTION_ARG,
106 .opt.arg = &crl_config.capath,
107 },
108 {
109 .name = "crlnumber",
110 .desc = "Print the CRL number",
111 .type = OPTION_FLAG_ORD,
112 .opt.flag = &crl_config.crlnumber,
113 },
114 {
115 .name = "fingerprint",
116 .desc = "Print the CRL fingerprint",
117 .type = OPTION_FLAG_ORD,
118 .opt.flag = &crl_config.fingerprint,
119 },
120 {
121 .name = "hash",
122 .desc = "Print the hash of the issuer name",
123 .type = OPTION_FLAG_ORD,
124 .opt.flag = &crl_config.hash,
125 },
126 {
127 .name = "hash_old",
128 .desc = "Print an old-style (MD5) hash of the issuer name",
129 .type = OPTION_FLAG_ORD,
130 .opt.flag = &crl_config.hash_old,
131 },
132 {
133 .name = "in",
134 .argname = "file",
135 .desc = "Input file to read from (stdin if unspecified)",
136 .type = OPTION_ARG,
137 .opt.arg = &crl_config.infile,
138 },
139 {
140 .name = "inform",
141 .argname = "format",
142 .desc = "Input format (DER or PEM)",
143 .type = OPTION_ARG_FORMAT,
144 .opt.value = &crl_config.informat,
145 },
146 {
147 .name = "issuer",
148 .desc = "Print the issuer name",
149 .type = OPTION_FLAG_ORD,
150 .opt.flag = &crl_config.issuer,
151 },
152 {
153 .name = "lastupdate",
154 .desc = "Print the lastUpdate field",
155 .type = OPTION_FLAG_ORD,
156 .opt.flag = &crl_config.lastupdate,
157 },
158 {
159 .name = "nameopt",
160 .argname = "options",
161 .desc = "Specify certificate name options",
162 .type = OPTION_ARG,
163 .opt.arg = &crl_config.nameopt,
164 },
165 {
166 .name = "nextupdate",
167 .desc = "Print the nextUpdate field",
168 .type = OPTION_FLAG_ORD,
169 .opt.flag = &crl_config.nextupdate,
170 },
171 {
172 .name = "noout",
173 .desc = "Do not output the encoded version of the CRL",
174 .type = OPTION_FLAG,
175 .opt.flag = &crl_config.noout,
176 },
177 {
178 .name = "out",
179 .argname = "file",
180 .desc = "Output file to write to (stdout if unspecified)",
181 .type = OPTION_ARG,
182 .opt.arg = &crl_config.outfile,
183 },
184 {
185 .name = "outform",
186 .argname = "format",
187 .desc = "Output format (DER or PEM)",
188 .type = OPTION_ARG_FORMAT,
189 .opt.value = &crl_config.outformat,
190 },
191 {
192 .name = "text",
193 .desc = "Print out the CRL in text form",
194 .type = OPTION_FLAG,
195 .opt.flag = &crl_config.text,
196 },
197 {
198 .name = "verify",
199 .desc = "Verify the signature on the CRL",
200 .type = OPTION_FLAG,
201 .opt.flag = &crl_config.verify,
202 },
203 {},
95}; 204};
96 205
206static void
207crl_usage(void)
208{
209 fprintf(stderr,
210 "usage: crl [-CAfile file] [-CApath dir] [-fingerprint] [-hash]\n"
211 " [-in file] [-inform DER | PEM] [-issuer] [-lastupdate]\n"
212 " [-nextupdate] [-noout] [-out file] [-outform DER | PEM]\n"
213 " [-text]\n\n");
214 options_usage(crl_options);
215}
216
97static X509_CRL *load_crl(char *file, int format); 217static X509_CRL *load_crl(char *file, int format);
98static BIO *bio_out = NULL; 218static BIO *bio_out = NULL;
99 219
@@ -104,135 +224,74 @@ crl_main(int argc, char **argv)
104{ 224{
105 unsigned long nmflag = 0; 225 unsigned long nmflag = 0;
106 X509_CRL *x = NULL; 226 X509_CRL *x = NULL;
107 char *CAfile = NULL, *CApath = NULL; 227 int ret = 1, i;
108 int ret = 1, i, num, badops = 0;
109 BIO *out = NULL; 228 BIO *out = NULL;
110 int informat, outformat;
111 char *infile = NULL, *outfile = NULL;
112 int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0,
113 text = 0;
114#ifndef OPENSSL_NO_MD5
115 int hash_old = 0;
116#endif
117 int fingerprint = 0, crlnumber = 0;
118 const char **pp;
119 X509_STORE *store = NULL; 229 X509_STORE *store = NULL;
120 X509_STORE_CTX ctx; 230 X509_STORE_CTX ctx;
121 X509_LOOKUP *lookup = NULL; 231 X509_LOOKUP *lookup = NULL;
122 X509_OBJECT xobj; 232 X509_OBJECT xobj;
123 EVP_PKEY *pkey; 233 EVP_PKEY *pkey;
124 int do_ver = 0; 234 const EVP_MD *digest;
125 const EVP_MD *md_alg, *digest = EVP_sha1(); 235 char *digest_name = NULL;
126 236
127 if (bio_out == NULL) 237 if (bio_out == NULL) {
128 if ((bio_out = BIO_new(BIO_s_file())) != NULL) { 238 if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
129 BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); 239 BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
130 } 240 }
131 informat = FORMAT_PEM; 241 }
132 outformat = FORMAT_PEM;
133 242
134 argc--; 243 digest = EVP_sha1();
135 argv++; 244
136 num = 0; 245 memset(&crl_config, 0, sizeof(crl_config));
137 while (argc >= 1) { 246 crl_config.informat = FORMAT_PEM;
138#ifdef undef 247 crl_config.outformat = FORMAT_PEM;
139 if (strcmp(*argv, "-p") == 0) { 248
140 if (--argc < 1) 249 if (options_parse(argc, argv, crl_options, &digest_name) != 0) {
141 goto bad; 250 crl_usage();
142 if (!args_from_file(++argv, Nargc, Nargv)) { 251 goto end;
143 goto end; 252 }
144 } 253
145 } 254 if (crl_config.cafile != NULL || crl_config.capath != NULL)
146#endif 255 crl_config.verify = 1;
147 if (strcmp(*argv, "-inform") == 0) { 256
148 if (--argc < 1) 257 if (crl_config.nameopt != NULL) {
149 goto bad; 258 if (set_name_ex(&nmflag, crl_config.nameopt) != 1) {
150 informat = str2fmt(*(++argv)); 259 fprintf(stderr,
151 } else if (strcmp(*argv, "-outform") == 0) { 260 "Invalid -nameopt argument '%s'\n",
152 if (--argc < 1) 261 crl_config.nameopt);
153 goto bad; 262 goto end;
154 outformat = str2fmt(*(++argv));
155 } else if (strcmp(*argv, "-in") == 0) {
156 if (--argc < 1)
157 goto bad;
158 infile = *(++argv);
159 } else if (strcmp(*argv, "-out") == 0) {
160 if (--argc < 1)
161 goto bad;
162 outfile = *(++argv);
163 } else if (strcmp(*argv, "-CApath") == 0) {
164 if (--argc < 1)
165 goto bad;
166 CApath = *(++argv);
167 do_ver = 1;
168 } else if (strcmp(*argv, "-CAfile") == 0) {
169 if (--argc < 1)
170 goto bad;
171 CAfile = *(++argv);
172 do_ver = 1;
173 } else if (strcmp(*argv, "-verify") == 0)
174 do_ver = 1;
175 else if (strcmp(*argv, "-text") == 0)
176 text = 1;
177 else if (strcmp(*argv, "-hash") == 0)
178 hash = ++num;
179#ifndef OPENSSL_NO_MD5
180 else if (strcmp(*argv, "-hash_old") == 0)
181 hash_old = ++num;
182#endif
183 else if (strcmp(*argv, "-nameopt") == 0) {
184 if (--argc < 1)
185 goto bad;
186 if (!set_name_ex(&nmflag, *(++argv)))
187 goto bad;
188 } else if (strcmp(*argv, "-issuer") == 0)
189 issuer = ++num;
190 else if (strcmp(*argv, "-lastupdate") == 0)
191 lastupdate = ++num;
192 else if (strcmp(*argv, "-nextupdate") == 0)
193 nextupdate = ++num;
194 else if (strcmp(*argv, "-noout") == 0)
195 noout = ++num;
196 else if (strcmp(*argv, "-fingerprint") == 0)
197 fingerprint = ++num;
198 else if (strcmp(*argv, "-crlnumber") == 0)
199 crlnumber = ++num;
200 else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
201 /* ok */
202 digest = md_alg;
203 } else {
204 BIO_printf(bio_err, "unknown option %s\n", *argv);
205 badops = 1;
206 break;
207 } 263 }
208 argc--;
209 argv++;
210 } 264 }
211 265
212 if (badops) { 266 if (digest_name != NULL) {
213bad: 267 if ((digest = EVP_get_digestbyname(digest_name)) == NULL) {
214 for (pp = crl_usage; (*pp != NULL); pp++) 268 fprintf(stderr,
215 BIO_printf(bio_err, "%s", *pp); 269 "Unknown message digest algorithm '%s'\n",
216 goto end; 270 digest_name);
271 goto end;
272 }
217 } 273 }
274
218 ERR_load_crypto_strings(); 275 ERR_load_crypto_strings();
219 x = load_crl(infile, informat); 276 x = load_crl(crl_config.infile, crl_config.informat);
220 if (x == NULL) { 277 if (x == NULL)
221 goto end; 278 goto end;
222 } 279
223 if (do_ver) { 280 if (crl_config.verify) {
224 store = X509_STORE_new(); 281 store = X509_STORE_new();
225 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); 282 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
226 if (lookup == NULL) 283 if (lookup == NULL)
227 goto end; 284 goto end;
228 if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) 285 if (!X509_LOOKUP_load_file(lookup, crl_config.cafile,
286 X509_FILETYPE_PEM))
229 X509_LOOKUP_load_file(lookup, NULL, 287 X509_LOOKUP_load_file(lookup, NULL,
230 X509_FILETYPE_DEFAULT); 288 X509_FILETYPE_DEFAULT);
231 289
232 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); 290 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
233 if (lookup == NULL) 291 if (lookup == NULL)
234 goto end; 292 goto end;
235 if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) 293 if (!X509_LOOKUP_add_dir(lookup, crl_config.capath,
294 X509_FILETYPE_PEM))
236 X509_LOOKUP_add_dir(lookup, NULL, 295 X509_LOOKUP_add_dir(lookup, NULL,
237 X509_FILETYPE_DEFAULT); 296 X509_FILETYPE_DEFAULT);
238 ERR_clear_error(); 297 ERR_clear_error();
@@ -265,91 +324,92 @@ bad:
265 else 324 else
266 BIO_printf(bio_err, "verify OK\n"); 325 BIO_printf(bio_err, "verify OK\n");
267 } 326 }
268 if (num) { 327
269 for (i = 1; i <= num; i++) { 328 /* Print requested information the order that the flags were given. */
270 if (issuer == i) { 329 for (i = 1; i <= argc; i++) {
271 print_name(bio_out, "issuer=", 330 if (crl_config.issuer == i) {
272 X509_CRL_get_issuer(x), nmflag); 331 print_name(bio_out, "issuer=",
273 } 332 X509_CRL_get_issuer(x), nmflag);
274 if (crlnumber == i) { 333 }
275 ASN1_INTEGER *crlnum; 334 if (crl_config.crlnumber == i) {
276 crlnum = X509_CRL_get_ext_d2i(x, 335 ASN1_INTEGER *crlnum;
277 NID_crl_number, NULL, NULL); 336 crlnum = X509_CRL_get_ext_d2i(x,
278 BIO_printf(bio_out, "crlNumber="); 337 NID_crl_number, NULL, NULL);
279 if (crlnum) { 338 BIO_printf(bio_out, "crlNumber=");
280 i2a_ASN1_INTEGER(bio_out, crlnum); 339 if (crlnum) {
281 ASN1_INTEGER_free(crlnum); 340 i2a_ASN1_INTEGER(bio_out, crlnum);
282 } else 341 ASN1_INTEGER_free(crlnum);
283 BIO_puts(bio_out, "<NONE>"); 342 } else
284 BIO_printf(bio_out, "\n"); 343 BIO_puts(bio_out, "<NONE>");
285 } 344 BIO_printf(bio_out, "\n");
286 if (hash == i) { 345 }
287 BIO_printf(bio_out, "%08lx\n", 346 if (crl_config.hash == i) {
288 X509_NAME_hash(X509_CRL_get_issuer(x))); 347 BIO_printf(bio_out, "%08lx\n",
289 } 348 X509_NAME_hash(X509_CRL_get_issuer(x)));
349 }
290#ifndef OPENSSL_NO_MD5 350#ifndef OPENSSL_NO_MD5
291 if (hash_old == i) { 351 if (crl_config.hash_old == i) {
292 BIO_printf(bio_out, "%08lx\n", 352 BIO_printf(bio_out, "%08lx\n",
293 X509_NAME_hash_old(X509_CRL_get_issuer(x))); 353 X509_NAME_hash_old(X509_CRL_get_issuer(x)));
294 } 354 }
295#endif 355#endif
296 if (lastupdate == i) { 356 if (crl_config.lastupdate == i) {
297 BIO_printf(bio_out, "lastUpdate="); 357 BIO_printf(bio_out, "lastUpdate=");
358 ASN1_TIME_print(bio_out,
359 X509_CRL_get_lastUpdate(x));
360 BIO_printf(bio_out, "\n");
361 }
362 if (crl_config.nextupdate == i) {
363 BIO_printf(bio_out, "nextUpdate=");
364 if (X509_CRL_get_nextUpdate(x))
298 ASN1_TIME_print(bio_out, 365 ASN1_TIME_print(bio_out,
299 X509_CRL_get_lastUpdate(x)); 366 X509_CRL_get_nextUpdate(x));
300 BIO_printf(bio_out, "\n"); 367 else
301 } 368 BIO_printf(bio_out, "NONE");
302 if (nextupdate == i) { 369 BIO_printf(bio_out, "\n");
303 BIO_printf(bio_out, "nextUpdate="); 370 }
304 if (X509_CRL_get_nextUpdate(x)) 371 if (crl_config.fingerprint == i) {
305 ASN1_TIME_print(bio_out, 372 int j;
306 X509_CRL_get_nextUpdate(x)); 373 unsigned int n;
307 else 374 unsigned char md[EVP_MAX_MD_SIZE];
308 BIO_printf(bio_out, "NONE");
309 BIO_printf(bio_out, "\n");
310 }
311 if (fingerprint == i) {
312 int j;
313 unsigned int n;
314 unsigned char md[EVP_MAX_MD_SIZE];
315 375
316 if (!X509_CRL_digest(x, digest, md, &n)) { 376 if (!X509_CRL_digest(x, digest, md, &n)) {
317 BIO_printf(bio_err, "out of memory\n"); 377 BIO_printf(bio_err, "out of memory\n");
318 goto end; 378 goto end;
319 } 379 }
320 BIO_printf(bio_out, "%s Fingerprint=", 380 BIO_printf(bio_out, "%s Fingerprint=",
321 OBJ_nid2sn(EVP_MD_type(digest))); 381 OBJ_nid2sn(EVP_MD_type(digest)));
322 for (j = 0; j < (int) n; j++) { 382 for (j = 0; j < (int) n; j++) {
323 BIO_printf(bio_out, "%02X%c", md[j], 383 BIO_printf(bio_out, "%02X%c", md[j],
324 (j + 1 == (int)n) ? '\n' : ':'); 384 (j + 1 == (int)n) ? '\n' : ':');
325 }
326 } 385 }
327 } 386 }
328 } 387 }
388
329 out = BIO_new(BIO_s_file()); 389 out = BIO_new(BIO_s_file());
330 if (out == NULL) { 390 if (out == NULL) {
331 ERR_print_errors(bio_err); 391 ERR_print_errors(bio_err);
332 goto end; 392 goto end;
333 } 393 }
334 if (outfile == NULL) { 394 if (crl_config.outfile == NULL) {
335 BIO_set_fp(out, stdout, BIO_NOCLOSE); 395 BIO_set_fp(out, stdout, BIO_NOCLOSE);
336 } else { 396 } else {
337 if (BIO_write_filename(out, outfile) <= 0) { 397 if (BIO_write_filename(out, crl_config.outfile) <= 0) {
338 perror(outfile); 398 perror(crl_config.outfile);
339 goto end; 399 goto end;
340 } 400 }
341 } 401 }
342 402
343 if (text) 403 if (crl_config.text)
344 X509_CRL_print(out, x); 404 X509_CRL_print(out, x);
345 405
346 if (noout) { 406 if (crl_config.noout) {
347 ret = 0; 407 ret = 0;
348 goto end; 408 goto end;
349 } 409 }
350 if (outformat == FORMAT_ASN1) 410 if (crl_config.outformat == FORMAT_ASN1)
351 i = (int) i2d_X509_CRL_bio(out, x); 411 i = (int) i2d_X509_CRL_bio(out, x);
352 else if (outformat == FORMAT_PEM) 412 else if (crl_config.outformat == FORMAT_PEM)
353 i = PEM_write_bio_X509_CRL(out, x); 413 i = PEM_write_bio_X509_CRL(out, x);
354 else { 414 else {
355 BIO_printf(bio_err, 415 BIO_printf(bio_err,