Overhaul 'crl' application, add a proper X509_CRL_print function and start

to support CRL extensions.

CHANGES

@@ -5,6 +5,10 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+     for some CRL extensions and new objects added.
+     [Steve Henson]
+
   *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
      key usage extension and fuller support for authority key id.
      [Steve Henson]

apps/crl.c

@@ -63,6 +63,7 @@
 #include "bio.h"
 #include "err.h"
 #include "x509.h"
+#include "x509v3.h"
 #include "pem.h"
 
 #undef PROG
@@ -104,7 +105,7 @@ char **argv;
 	BIO *out=NULL;
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
-	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
+	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
 	char **pp,buf[256];
 
 	apps_startup();
@@ -142,10 +143,6 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
-		else if (strcmp(*argv,"-text") == 0)
-			{
-			outformat=FORMAT_TEXT;
-			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -156,6 +153,8 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-text") == 0)
+			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
 		else if (strcmp(*argv,"-issuer") == 0)
@@ -176,14 +175,6 @@ char **argv;
 		argv++;
 		}
 
-	if (outformat == FORMAT_TEXT)
-		{
-		num=0;
-		issuer= ++num;
-		lastupdate= ++num;
-		nextupdate= ++num;
-		}
-
 	if (badops)
 		{
 bad:
@@ -193,6 +184,7 @@ bad:
 		}
 
 	ERR_load_crypto_strings();
+	X509V3_add_standard_extensions();
 	x=load_crl(infile,informat);
 	if (x == NULL) { goto end; }
 
@@ -203,28 +195,28 @@ bad:
 			if (issuer == i)
 				{
 				X509_NAME_oneline(x->crl->issuer,buf,256);
-				fprintf(stdout,"issuer= %s\n",buf);
+				BIO_printf(bio_out,"issuer= %s\n",buf);
 				}
 
 			if (hash == i)
 				{
-				fprintf(stdout,"%08lx\n",
+				BIO_printf(bio_out,"%08lx\n",
 					X509_NAME_hash(x->crl->issuer));
 				}
 			if (lastupdate == i)
 				{
-				fprintf(stdout,"lastUpdate=");
+				BIO_printf(bio_out,"lastUpdate=");
 				ASN1_TIME_print(bio_out,x->crl->lastUpdate);
-				fprintf(stdout,"\n");
+				BIO_printf(bio_out,"\n");
 				}
 			if (nextupdate == i)
 				{
-				fprintf(stdout,"nextUpdate=");
+				BIO_printf(bio_out,"nextUpdate=");
 				if (x->crl->nextUpdate != NULL)
 					ASN1_TIME_print(bio_out,x->crl->nextUpdate);
 				else
-					fprintf(stdout,"NONE");
-				fprintf(stdout,"\n");
+					BIO_printf(bio_out,"NONE");
+				BIO_printf(bio_out,"\n");
 				}
 			}
 		}
@@ -249,27 +241,11 @@ bad:
 			}
 		}
 
+	if (text) X509_CRL_print(out, x);
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_X509_CRL(out,x);
-	else if (outformat == FORMAT_TEXT)
-		{
-		X509_REVOKED *r;
-		STACK *sk;
-
-		sk=sk_dup(x->crl->revoked);
-		while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)
-			{
-			fprintf(stdout,"revoked: serialNumber=");
-			i2a_ASN1_INTEGER(out,r->serialNumber);
-			fprintf(stdout," revocationDate=");
-			ASN1_TIME_print(bio_out,r->revocationDate);
-			fprintf(stdout,"\n");
-			}
-		sk_free(sk);
-		i=1;
-		}
 	else	
 		{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
@@ -278,9 +254,10 @@ bad:
 	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
-	if (out != NULL) BIO_free(out);
-	if (bio_out != NULL) BIO_free(bio_out);
-	if (x != NULL) X509_CRL_free(x);
+	BIO_free(out);
+	BIO_free(bio_out);
+	X509_CRL_free(x);
+	X509V3_EXT_cleanup();
 	EXIT(ret);
 	}
 
@@ -324,7 +301,7 @@ int format;
 		}
 	
 end:
-	if (in != NULL) BIO_free(in);
+	BIO_free(in);
 	return(x);
 	}
 

crypto/asn1/Makefile.ssl

@@ -30,7 +30,7 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 	d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
 	d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
 	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
-	t_req.c t_x509.c t_pkey.c \
+	t_req.c t_x509.c t_crl.c t_pkey.c \
 	p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
 	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
 	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
@@ -45,7 +45,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
 	d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
 	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
-	t_req.o t_x509.o t_pkey.o \
+	t_req.o t_x509.o t_crl.o t_pkey.o \
 	p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
 	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
 	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \

crypto/asn1/t_crl.c

@@ -0,0 +1,173 @@
+/* t_crl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn.h"
+#include "objects.h"
+#include "x509.h"
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static void ext_print(BIO *out, X509_EXTENSION *ex);
+#else
+static void ext_print();
+#endif
+
+#ifndef NO_FP_API
+int X509_CRL_print_fp(fp,x)
+FILE *fp;
+X509_CRL *x;
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_CRL_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+void X509_CRL_print(out, x)
+BIO *out;
+X509_CRL *x;
+{
+	char buf[256];
+	unsigned char *s;
+	STACK *rev;
+	X509_REVOKED *r;
+	long l;
+	int i, j, n;
+
+	BIO_printf(out, "Certificate Revocation List (CRL):\n");
+	l = X509_CRL_get_version(x);
+	BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
+	i = OBJ_obj2nid(x->sig_alg->algorithm);
+	BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+				 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+	X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256);
+	BIO_printf(out,"%8sIssuer: %s\n","",buf);
+	BIO_printf(out,"%8sLast Update: ","");
+	ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
+	BIO_printf(out,"\n%8sNext Update: ","");
+	if (X509_CRL_get_nextUpdate(x))
+		 ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
+	else BIO_printf(out,"NONE");
+	BIO_printf(out,"\n");
+
+	n=X509_CRL_get_ext_count(x);
+	if (n > 0) {
+		BIO_printf(out,"%8sCRL extensions:\n","");
+		for (i=0; i<n; i++) ext_print(out, X509_CRL_get_ext(x, i));
+	}
+
+
+	rev = X509_CRL_get_REVOKED(x);
+
+	if(sk_num(rev)) BIO_printf(out, "Revoked Certificates:\n");
+	else BIO_printf(out, "No Revoked Certificates.\n");
+
+	for(i = 0; i < sk_num(rev); i++) {
+		r = (X509_REVOKED *) sk_value(rev, i);
+		BIO_printf(out,"    Serial Number: ");
+		i2a_ASN1_INTEGER(out,r->serialNumber);
+		BIO_printf(out,"\n        Revocation Date: ","");
+		ASN1_TIME_print(out,r->revocationDate);
+		BIO_printf(out,"\n");
+		for(j = 0; j < X509_REVOKED_get_ext_count(r); j++)
+				ext_print(out, X509_REVOKED_get_ext(r, j));
+	}
+
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	BIO_printf(out,"    Signature Algorithm: %s",
+				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+
+	s = x->signature->data;
+	n = x->signature->length;
+	for (i=0; i<n; i++, s++)
+	{
+		if ((i%18) == 0) BIO_write(out,"\n        ",9);
+		BIO_printf(out,"%02x%s",*s, ((i+1) == n)?"":":");
+	}
+	BIO_write(out,"\n",1);
+
+
+}
+
+static void ext_print(out, ex)
+BIO *out;
+X509_EXTENSION *ex;
+{
+	ASN1_OBJECT *obj;
+	int j;
+	BIO_printf(out,"%12s","");
+	obj=X509_EXTENSION_get_object(ex);
+	i2a_ASN1_OBJECT(out,obj);
+	j=X509_EXTENSION_get_critical(ex);
+	BIO_printf(out, ": %s\n%16s", j ? "critical":"","");
+	if(!X509V3_EXT_print(out, ex, 0))
+				 ASN1_OCTET_STRING_print(out,ex->value);
+	BIO_write(out,"\n",1);
+}

crypto/objects/obj_dat.h

@@ -61,12 +61,12 @@
  * perl obj_dat.pl < objects.h > obj_dat.h
  */
 
-#define NUM_NID 140
-#define NUM_SN 111
-#define NUM_LN 136
-#define NUM_OBJ 112
+#define NUM_NID 143
+#define NUM_SN 114
+#define NUM_LN 139
+#define NUM_OBJ 115
 
-static unsigned char lvalues[726]={
+static unsigned char lvalues[735]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -179,6 +179,9 @@ static unsigned char lvalues[726]={
 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [696] OBJ_ms_sgc */
 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [706] OBJ_ms_efs */
 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [716] OBJ_ns_sgc */
+0x55,0x1D,0x1B,                              /* [725] OBJ_delta_crl */
+0x55,0x1D,0x15,                              /* [728] OBJ_crl_reason */
+0x55,0x1D,0x18,                              /* [731] OBJ_invalidity_date */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -372,6 +375,11 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
 	&(lvalues[706]),0},
 {"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[716]),0},
+{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
+	&(lvalues[725]),0},
+{"CRLReason","CRL Reason Code",NID_crl_reason,3,&(lvalues[728]),0},
+{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
+	&(lvalues[731]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -385,6 +393,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[109]),/* "CAST5-ECB" */
 &(nid_objs[111]),/* "CAST5-OFB" */
 &(nid_objs[13]),/* "CN" */
+&(nid_objs[141]),/* "CRLReason" */
 &(nid_objs[107]),/* "D" */
 &(nid_objs[31]),/* "DES-CBC" */
 &(nid_objs[30]),/* "DES-CFB" */
@@ -458,9 +467,11 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[131]),/* "codeSigning" */
 &(nid_objs[103]),/* "crlDistributionPoints" */
 &(nid_objs[88]),/* "crlNumber" */
+&(nid_objs[140]),/* "deltaCRL" */
 &(nid_objs[132]),/* "emailProtection" */
 &(nid_objs[126]),/* "extendedKeyUsage" */
 &(nid_objs[128]),/* "id-kp" */
+&(nid_objs[142]),/* "invalidityDate" */
 &(nid_objs[86]),/* "issuerAltName" */
 &(nid_objs[83]),/* "keyUsage" */
 &(nid_objs[81]),/* "ld-ce" */
@@ -489,8 +500,10 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 };
 
 static ASN1_OBJECT *ln_objs[NUM_LN]={
+&(nid_objs[141]),/* "CRL Reason Code" */
 &(nid_objs[131]),/* "Code Signing" */
 &(nid_objs[132]),/* "E-mail Protection" */
+&(nid_objs[142]),/* "Invalidity Date" */
 &(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
 &(nid_objs[138]),/* "Microsoft Encrypted File System" */
 &(nid_objs[134]),/* "Microsoft Individual Code Signing" */
@@ -519,6 +532,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
 &(nid_objs[88]),/* "X509v3 CRL Number" */
 &(nid_objs[89]),/* "X509v3 Certificate Policies" */
+&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
 &(nid_objs[126]),/* "X509v3 Extended Key Usage" */
 &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
 &(nid_objs[83]),/* "X509v3 Key Usage" */
@@ -652,6 +666,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */
 &(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
 &(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
+&(nid_objs[141]),/* OBJ_crl_reason                   2 5 29 21 */
+&(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */
+&(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */
 &(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
 &(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
 &(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
@@ -659,8 +676,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
 &(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
 &(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
-&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666.2 */
 &(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666.1 */
+&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666.2 */
 &(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
 &(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
 &(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */

crypto/objects/objects.h

@@ -739,6 +739,21 @@ extern "C" {
 #define NID_ns_sgc			139
 #define OBJ_ns_sgc			OBJ_netscape,4L,1L
 
+#define SN_delta_crl			"deltaCRL"
+#define LN_delta_crl			"X509v3 Delta CRL Indicator"
+#define NID_delta_crl			140
+#define OBJ_delta_crl			OBJ_ld_ce,27L
+
+#define SN_crl_reason			"CRLReason"
+#define LN_crl_reason			"CRL Reason Code"
+#define NID_crl_reason			141
+#define OBJ_crl_reason			OBJ_ld_ce,21L
+
+#define SN_invalidity_date		"invalidityDate"
+#define LN_invalidity_date		"Invalidity Date"
+#define NID_invalidity_date		142
+#define OBJ_invalidity_date		OBJ_ld_ce,24L
+
 #include "bio.h"
 #include "asn1.h"
 

crypto/x509/x509.h

@@ -1,3 +1,4 @@
+
 /* crypto/x509/x509.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
@@ -487,6 +488,12 @@ typedef struct CBCParameter_st
 #define		X509_name_cmp(a,b)	X509_NAME_cmp((a),(b))
 #define		X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
 
+#define		X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
+#define 	X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
+#define 	X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
+#define		X509_CRL_get_issuer(x) ((x)->crl->issuer)
+#define		X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+
 /* This one is only used so that a binary form can output, as in
  * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
 #define 	X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
@@ -734,12 +741,14 @@ unsigned long	X509_NAME_hash(X509_NAME *x);
 int		X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
 #ifndef NO_FP_API
 int		X509_print_fp(FILE *bp,X509 *x);
+int		X509_CRL_print_fp(FILE *bp,X509_CRL *x);
 int		X509_REQ_print_fp(FILE *bp,X509_REQ *req);
 #endif
 
 #ifdef HEADER_BIO_H
 int		X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
 int		X509_print(BIO *bp,X509 *x);
+int		X509_CRL_print(BIO *bp,X509_CRL *x);
 int		X509_REQ_print(BIO *bp,X509_REQ *req);
 #endif
 
@@ -1049,11 +1058,13 @@ unsigned long	X509_NAME_hash();
 int		X509_CRL_cmp();
 #ifndef NO_FP_API
 int		X509_print_fp();
+int		X509_CRL_print_fp();
 int		X509_REQ_print_fp();
 #endif
 
 int		X509_NAME_print();
 int		X509_print();
+int		X509_CRL_print();
 int		X509_REQ_print();
 
 int 		X509_NAME_entry_count();

crypto/x509v3/Makefile.ssl

@@ -24,9 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
 v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c
+v3_pku.c v3_int.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
-v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+v3_int.o
 
 SRC= $(LIBSRC)
 

crypto/x509v3/v3_bitst.c

@@ -1,4 +1,4 @@
-/* v3_bitstr.c */
+/* v3_bitst.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
  * project 1999.
  */

crypto/x509v3/v3_int.c

@@ -0,0 +1,80 @@
+/* v3_int.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <err.h>
+#include "x509v3.h"
+
+static ASN1_INTEGER *asn1_integer_new();
+
+X509V3_EXT_METHOD v3_crl_num = { 
+NID_crl_number, 0,
+(X509V3_EXT_NEW)asn1_integer_new, ASN1_STRING_free,
+(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
+i2d_ASN1_INTEGER,
+(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+(X509V3_EXT_S2I)NULL,
+NULL, NULL, NULL, NULL};
+
+
+static ASN1_INTEGER *asn1_integer_new()
+{
+	return ASN1_INTEGER_new();
+}

crypto/x509v3/v3_lib.c

@@ -150,6 +150,8 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern X509V3_EXT_METHOD v3_pkey_usage_period;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 
+extern X509V3_EXT_METHOD v3_crl_num;
+
 int X509V3_add_standard_extensions()
 {
 	X509V3_EXT_add_list(v3_ns_ia5_list);
@@ -161,6 +163,7 @@ int X509V3_add_standard_extensions()
 	X509V3_EXT_add(&v3_skey_id);
 	X509V3_EXT_add(&v3_akey_id);
 	X509V3_EXT_add(&v3_pkey_usage_period);
+	X509V3_EXT_add(&v3_crl_num);
 	return 1;
 }
 

crypto/x509v3/v3_pku.c

@@ -1,4 +1,4 @@
-/* v3_akey.c */
+/* v3_pku.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
  * project 1999.
  */

crypto/x509v3/v3_utl.c

@@ -133,19 +133,30 @@ STACK **extlist;
 	return 1;
 }
 
+char *i2s_ASN1_INTEGER(method, a)
+X509V3_EXT_METHOD *method;
+ASN1_INTEGER *a;
+{
+	BIGNUM *bntmp = NULL;
+	char *strtmp = NULL;
+	if(!a) return NULL;
+	if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
+	    !(strtmp = BN_bn2dec(bntmp)) )
+		X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+	BN_free(bntmp);
+	return strtmp;
+}
+
 int X509V3_add_value_int(name, aint, extlist)
 char *name;
 ASN1_INTEGER *aint;
 STACK **extlist;
 {
-	BIGNUM *bntmp;
 	char *strtmp;
 	int ret;
 	if(!aint) return 1;
-	bntmp = ASN1_INTEGER_to_BN(aint, NULL);
-	strtmp = BN_bn2dec(bntmp);
+	if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
 	ret = X509V3_add_value(name, strtmp, extlist);
-	BN_free(bntmp);
 	Free(strtmp);
 	return ret;
 }

crypto/x509v3/v3err.c

@@ -64,6 +64,7 @@
 static ERR_STRING_DATA X509V3_str_functs[]=
 	{
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0),	"hex_to_string"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0),	"I2S_ASN1_INTEGER"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0),	"S2I_ASN1_IA5STRING"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0),	"s2i_ASN1_OCTET_STRING"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0),	"S2I_ASN1_SKEY_ID"},

crypto/x509v3/x509v3.err

@@ -2,6 +2,7 @@
 
 /* Function codes. */
 #define X509V3_F_HEX_TO_STRING				 111
+#define X509V3_F_I2S_ASN1_INTEGER			 120
 #define X509V3_F_S2I_ASN1_IA5STRING			 100
 #define X509V3_F_S2I_ASN1_OCTET_STRING			 112
 #define X509V3_F_S2I_ASN1_SKEY_ID			 114

crypto/x509v3/x509v3.h

@@ -250,6 +250,7 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
 int X509V3_add_value(char *name, char *value, STACK **extlist);
 int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist);
 int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist);
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
 int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
 int X509V3_EXT_add_alias(int nid_to, int nid_from);
 void X509V3_EXT_cleanup(void);
@@ -315,6 +316,7 @@ int X509V3_get_value_int();
 int X509V3_add_value();
 int X509V3_add_value_bool();
 int X509V3_add_value_int();
+char *i2s_ASN1_INTEGER();
 int X509V3_EXT_add();
 int X509V3_EXT_add_alias();
 void X509V3_EXT_cleanup();
@@ -338,6 +340,7 @@ int X509V3_EXT_print_fp();
 
 /* Function codes. */
 #define X509V3_F_HEX_TO_STRING				 111
+#define X509V3_F_I2S_ASN1_INTEGER			 120
 #define X509V3_F_S2I_ASN1_IA5STRING			 100
 #define X509V3_F_S2I_ASN1_OCTET_STRING			 112
 #define X509V3_F_S2I_ASN1_SKEY_ID			 114