diff --git a/CHANGES b/CHANGES
index 1b735ea06f..2e4769243a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@ Changes between 0.9.1c and 0.9.2
+ *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+ for some CRL extensions and new objects added.
+ [Steve Henson]
+
 *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private key usage extension and fuller support for authority key id.
 [Steve Henson]
diff --git a/apps/crl.c b/apps/crl.c
index a0098e9efd..a35e85733b 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -63,6 +63,7 @@
 #include "bio.h"
 #include "err.h"
 #include "x509.h"
+#include "x509v3.h"
 #include "pem.h"
 #undef PROG
@@ -104,7 +105,7 @@ char **argv;
 BIO *out=NULL;
 int informat,outformat;
 char *infile=NULL,*outfile=NULL;
- int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
+ int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
 char **pp,buf[256];
 apps_startup();
@@ -142,10 +143,6 @@ char **argv;
 if (--argc < 1) goto bad;
 outformat=str2fmt(*(++argv));
 }
- else if (strcmp(*argv,"-text") == 0)
- {
- outformat=FORMAT_TEXT;
- }
 else if (strcmp(*argv,"-in") == 0)
 {
 if (--argc < 1) goto bad;
@@ -156,6 +153,8 @@ char **argv;
 if (--argc < 1) goto bad;
 outfile= *(++argv);
 }
+ else if (strcmp(*argv,"-text") == 0)
+ text = 1;
 else if (strcmp(*argv,"-hash") == 0)
 hash= ++num;
 else if (strcmp(*argv,"-issuer") == 0)
@@ -176,14 +175,6 @@ char **argv;
 argv++;
 }
- if (outformat == FORMAT_TEXT)
- {
- num=0;
- issuer= ++num;
- lastupdate= ++num;
- nextupdate= ++num;
- }
-
 if (badops)
 {
 bad:
@@ -193,6 +184,7 @@ bad:
 }
 ERR_load_crypto_strings();
+ X509V3_add_standard_extensions();
 x=load_crl(infile,informat);
 if (x == NULL) { goto end; }
@@ -203,28 +195,28 @@ bad:
 if (issuer == i)
 {
 X509_NAME_oneline(x->crl->issuer,buf,256);
- fprintf(stdout,"issuer= %s\n",buf);
+ BIO_printf(bio_out,"issuer= %s\n",buf);
 }
 if (hash == i)
 {
- fprintf(stdout,"%08lx\n",
+ BIO_printf(bio_out,"%08lx\n",
 X509_NAME_hash(x->crl->issuer));
 }
 if (lastupdate == i)
 {
- fprintf(stdout,"lastUpdate=");
+ BIO_printf(bio_out,"lastUpdate=");
 ASN1_TIME_print(bio_out,x->crl->lastUpdate);
- fprintf(stdout,"\n");
+ BIO_printf(bio_out,"\n");
 }
 if (nextupdate == i)
 {
- fprintf(stdout,"nextUpdate=");
+ BIO_printf(bio_out,"nextUpdate=");
 if (x->crl->nextUpdate != NULL)
 ASN1_TIME_print(bio_out,x->crl->nextUpdate);
 else
- fprintf(stdout,"NONE");
- fprintf(stdout,"\n");
+ BIO_printf(bio_out,"NONE");
+ BIO_printf(bio_out,"\n");
 }
 }
 }
@@ -249,27 +241,11 @@ bad:
 }
 }
+ if (text) X509_CRL_print(out, x);
 if (outformat == FORMAT_ASN1)
 i=(int)i2d_X509_CRL_bio(out,x);
 else if (outformat == FORMAT_PEM)
 i=PEM_write_bio_X509_CRL(out,x);
- else if (outformat == FORMAT_TEXT)
- {
- X509_REVOKED *r;
- STACK *sk;
-
- sk=sk_dup(x->crl->revoked);
- while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)
- {
- fprintf(stdout,"revoked: serialNumber=");
- i2a_ASN1_INTEGER(out,r->serialNumber);
- fprintf(stdout," revocationDate=");
- ASN1_TIME_print(bio_out,r->revocationDate);
- fprintf(stdout,"\n");
- }
- sk_free(sk);
- i=1;
- }
 else
 {
 BIO_printf(bio_err,"bad output format specified for outfile\n");
@@ -278,9 +254,10 @@ bad:
 if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 ret=0;
 end:
- if (out != NULL) BIO_free(out);
- if (bio_out != NULL) BIO_free(bio_out);
- if (x != NULL) X509_CRL_free(x);
+ BIO_free(out);
+ BIO_free(bio_out);
+ X509_CRL_free(x);
+ X509V3_EXT_cleanup();
 EXIT(ret);
 }
@@ -324,7 +301,7 @@ int format;
 }
 end:
- if (in != NULL) BIO_free(in);
+ BIO_free(in);
 return(x);
 }
diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl
index 1a467dcfdb..68f31e082e 100644
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
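Review bot: `if (text) X509_CRL_print(out, x);` in the @@ -249 hunk discards the printer's result, and the commit disagrees with itself about what that result is: the x509.h hunks (@@ -734 and @@ -1049) declare `int X509_CRL_print(BIO *bp,X509_CRL *x);`, while t_crl.c defines `void X509_CRL_print(out, x)` and its X509_CRL_print_fp stores that void result in `ret`. Make the definition return int (non-zero on success, 0 when a BIO write fails) so the prototype, X509_CRL_print_fp and this call agree, then check it here: `if (text && !X509_CRL_print(out, x)) { BIO_printf(bio_err,"unable to print CRL\n"); goto end; }`. The same hunk removes the FORMAT_TEXT output branch, so if str2fmt (outside this diff) still maps "TEXT" to FORMAT_TEXT, `-outform text` now ends at "bad output format specified for outfile"; the usage text should point users at `-text` instead. The enclosing main() begins and ends outside these hunks.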
@@ -30,7 +30,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
 d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
 d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
- t_req.c t_x509.c t_pkey.c \
+ t_req.c t_x509.c t_crl.c t_pkey.c \
 p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
 p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
 f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
@@ -45,7 +45,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
 d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
 d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
- t_req.o t_x509.o t_pkey.o \
+ t_req.o t_x509.o t_crl.o t_pkey.o \
 p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
 p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
 f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c
new file mode 100644
index 0000000000..5eafa18e47
--- /dev/null
+++ b/crypto/asn1/t_crl.c
@@ -0,0 +1,173 @@
+/* t_crl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn.h"
+#include "objects.h"
+#include "x509.h"
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static void ext_print(BIO *out, X509_EXTENSION *ex);
+#else
+static void ext_print();
+#endif
+
+#ifndef NO_FP_API
+int X509_CRL_print_fp(fp,x)
+FILE *fp;
+X509_CRL *x;
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=X509_CRL_print(b, x);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+void X509_CRL_print(out, x)
+BIO *out;
+X509_CRL *x;
+{
+ char buf[256];
+ unsigned char *s;
+ STACK *rev;
+ X509_REVOKED *r;
+ long l;
+ int i, j, n;
+
+ BIO_printf(out, "Certificate Revocation List (CRL):\n");
+ l = X509_CRL_get_version(x);
+ BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
+ i = OBJ_obj2nid(x->sig_alg->algorithm);
+ BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+ (i == NID_undef) ?
"NONE" : OBJ_nid2ln(i)); + X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256); + BIO_printf(out,"%8sIssuer: %s\n","",buf); + BIO_printf(out,"%8sLast Update: ",""); + ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x)); + BIO_printf(out,"\n%8sNext Update: ",""); + if (X509_CRL_get_nextUpdate(x)) + ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x)); + else BIO_printf(out,"NONE"); + BIO_printf(out,"\n"); + + n=X509_CRL_get_ext_count(x); + if (n > 0) { + BIO_printf(out,"%8sCRL extensions:\n",""); + for (i=0; iserialNumber); + BIO_printf(out,"\n Revocation Date: ",""); + ASN1_TIME_print(out,r->revocationDate); + BIO_printf(out,"\n"); + for(j = 0; j < X509_REVOKED_get_ext_count(r); j++) + ext_print(out, X509_REVOKED_get_ext(r, j)); + } + + i=OBJ_obj2nid(x->sig_alg->algorithm); + BIO_printf(out," Signature Algorithm: %s", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); + + s = x->signature->data; + n = x->signature->length; + for (i=0; ivalue); + BIO_write(out,"\n",1); +} diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 07c0e545f5..5362bad76f 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -61,12 +61,12 @@ * perl obj_dat.pl < objects.h > obj_dat.h */ -#define NUM_NID 140 -#define NUM_SN 111 -#define NUM_LN 136 -#define NUM_OBJ 112 +#define NUM_NID 143 +#define NUM_SN 114 +#define NUM_LN 139 +#define NUM_OBJ 115 -static unsigned char lvalues[726]={ +static unsigned char lvalues[735]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ 
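Review bot: X509_CRL_print_fp reports its BIO_new failure with `X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB)`, the function code that belongs to X509_print_fp, so an error trace from the CRL printer names the certificate printer; give the new function its own function code in the X509 error table alongside the new prototypes. In X509_CRL_print, `X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256)` writes the issuer into a fixed 256-byte `buf`, so long issuer names are silently cut in the text output; say so with `/* issuer name is truncated to fit the fixed buffer */` or print it through X509_NAME_print instead. `BIO_printf(out,"\n Revocation Date: ","")` passes a `""` argument that no conversion consumes; drop it. Neither function checks `x` for NULL before dereferencing `x->sig_alg` and `x->signature`, which should be stated on the definition if callers are expected to guarantee a non-NULL CRL. Several lines of this hunk lost characters on this page (the first `#include` target and the `for` bounds of the extension, revoked-entry and signature loops), so those loops could not be reviewed here.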
@@ -179,6 +179,9 @@ static unsigned char lvalues[726]={ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [696] OBJ_ms_sgc */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [706] OBJ_ms_efs */ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [716] OBJ_ns_sgc */ +0x55,0x1D,0x1B, /* [725] OBJ_delta_crl */ +0x55,0x1D,0x15, /* [728] OBJ_crl_reason */ +0x55,0x1D,0x18, /* [731] OBJ_invalidity_date */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -372,6 +375,11 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10, &(lvalues[706]),0}, {"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[716]),0}, +{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3, + &(lvalues[725]),0}, +{"CRLReason","CRL Reason Code",NID_crl_reason,3,&(lvalues[728]),0}, +{"invalidityDate","Invalidity Date",NID_invalidity_date,3, + &(lvalues[731]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -385,6 +393,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[109]),/* "CAST5-ECB" */ &(nid_objs[111]),/* "CAST5-OFB" */ &(nid_objs[13]),/* "CN" */ +&(nid_objs[141]),/* "CRLReason" */ &(nid_objs[107]),/* "D" */ &(nid_objs[31]),/* "DES-CBC" */ &(nid_objs[30]),/* "DES-CFB" */ @@ -458,9 +467,11 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[131]),/* "codeSigning" */ &(nid_objs[103]),/* "crlDistributionPoints" */ &(nid_objs[88]),/* "crlNumber" */ +&(nid_objs[140]),/* "deltaCRL" */ &(nid_objs[132]),/* "emailProtection" */ &(nid_objs[126]),/* "extendedKeyUsage" */ &(nid_objs[128]),/* "id-kp" */ +&(nid_objs[142]),/* "invalidityDate" */ &(nid_objs[86]),/* "issuerAltName" */ &(nid_objs[83]),/* "keyUsage" */ &(nid_objs[81]),/* "ld-ce" */ 
@@ -489,8 +500,10 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ }; static ASN1_OBJECT *ln_objs[NUM_LN]={ +&(nid_objs[141]),/* "CRL Reason Code" */ &(nid_objs[131]),/* "Code Signing" */ &(nid_objs[132]),/* "E-mail Protection" */ +&(nid_objs[142]),/* "Invalidity Date" */ &(nid_objs[135]),/* "Microsoft Commercial Code Signing" */ &(nid_objs[138]),/* "Microsoft Encrypted File System" */ &(nid_objs[134]),/* "Microsoft Individual Code Signing" */ @@ -519,6 +532,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */ &(nid_objs[88]),/* "X509v3 CRL Number" */ &(nid_objs[89]),/* "X509v3 Certificate Policies" */ +&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */ &(nid_objs[126]),/* "X509v3 Extended Key Usage" */ &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ &(nid_objs[83]),/* "X509v3 Key Usage" */ @@ -652,6 +666,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[86]),/* OBJ_issuer_alt_name 2 5 29 18 */ &(nid_objs[87]),/* OBJ_basic_constraints 2 5 29 19 */ &(nid_objs[88]),/* OBJ_crl_number 2 5 29 20 */ +&(nid_objs[141]),/* OBJ_crl_reason 2 5 29 21 */ +&(nid_objs[142]),/* OBJ_invalidity_date 2 5 29 24 */ +&(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */ &(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ &(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ &(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ @@ -659,8 +676,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ &(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ &(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ -&(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666.2 */ &(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666.1 */ +&(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666.2 */ &(nid_objs[104]),/* OBJ_md5WithRSA 1 3 14 3 2 3 */ &(nid_objs[29]),/* OBJ_des_ecb 1 3 14 3 2 6 */ &(nid_objs[31]),/* OBJ_des_cbc 1 3 14 3 2 7 */ 
diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h
index bfcb90ac3b..6ee2d4ff2f 100644
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@@ -739,6 +739,21 @@ extern "C" {
 #define NID_ns_sgc 139
 #define OBJ_ns_sgc OBJ_netscape,4L,1L
+#define SN_delta_crl "deltaCRL"
+#define LN_delta_crl "X509v3 Delta CRL Indicator"
+#define NID_delta_crl 140
+#define OBJ_delta_crl OBJ_ld_ce,27L
+
+#define SN_crl_reason "CRLReason"
+#define LN_crl_reason "CRL Reason Code"
+#define NID_crl_reason 141
+#define OBJ_crl_reason OBJ_ld_ce,21L
+
+#define SN_invalidity_date "invalidityDate"
+#define LN_invalidity_date "Invalidity Date"
+#define NID_invalidity_date 142
+#define OBJ_invalidity_date OBJ_ld_ce,24L
+
 #include "bio.h"
 #include "asn1.h"
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 5aa239aa8c..694689e3ea 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -1,3 +1,4 @@
+
 /* crypto/x509/x509.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
@@ -487,6 +488,12 @@ typedef struct CBCParameter_st
 #define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
 #define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
+#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
+#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
+#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
+#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
+#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+
 /* This one is only used so that a binary form can output, as in
 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
 #define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
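Review bot: `X509_CRL_get_version(x)` expands to `ASN1_INTEGER_get((x)->crl->version)`, and the version field of a CRL is optional (a v1 CRL carries none), so `crl->version` is NULL for perfectly valid input; the macro's safety then rests on ASN1_INTEGER_get tolerating NULL, which this hunk does not state, and X509_CRL_print in t_crl.c feeds the result straight into its "Version" line. Either document the dependency on the macro, `/* version is OPTIONAL in a CRL (absent for v1); relies on ASN1_INTEGER_get() returning 0 for NULL */`, or make it explicit: `#define X509_CRL_get_version(x) ((x)->crl->version ? ASN1_INTEGER_get((x)->crl->version) : 0L)`. The four other accessors return raw pointers into the CRL, and `X509_CRL_get_nextUpdate` may also be NULL (the crl.c hunk checks `x->crl->nextUpdate != NULL`), so a one-line note that the results are borrowed and possibly NULL would help callers of the new API.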
@@ -734,12 +741,14 @@ unsigned long X509_NAME_hash(X509_NAME *x);
 int X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
 #ifndef NO_FP_API
 int X509_print_fp(FILE *bp,X509 *x);
+int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
 int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
 #endif
 #ifdef HEADER_BIO_H
 int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
 int X509_print(BIO *bp,X509 *x);
+int X509_CRL_print(BIO *bp,X509_CRL *x);
 int X509_REQ_print(BIO *bp,X509_REQ *req);
 #endif
@@ -1049,11 +1058,13 @@ unsigned long X509_NAME_hash();
 int X509_CRL_cmp();
 #ifndef NO_FP_API
 int X509_print_fp();
+int X509_CRL_print_fp();
 int X509_REQ_print_fp();
 #endif
 int X509_NAME_print();
 int X509_print();
+int X509_CRL_print();
 int X509_REQ_print();
 int X509_NAME_entry_count();
diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl
index 500cfd3935..77604d6fed 100644
--- a/crypto/x509v3/Makefile.ssl
+++ b/crypto/x509v3/Makefile.ssl
@@ -24,9 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
 v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c
+v3_pku.c v3_int.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
-v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+v3_int.o
 SRC= $(LIBSRC)
diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c
index 3e5d0d9b69..2b2cc592b4 100644
--- a/crypto/x509v3/v3_bitst.c
+++ b/crypto/x509v3/v3_bitst.c
@@ -1,4 +1,4 @@
-/* v3_bitstr.c */
+/* v3_bitst.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
 */
diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c
new file mode 100644
index 0000000000..6c966b3265
--- /dev/null
+++ b/crypto/x509v3/v3_int.c
@@ -0,0 +1,80 @@
+/* v3_int.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include "x509v3.h"
+
+static ASN1_INTEGER *asn1_integer_new();
+
+X509V3_EXT_METHOD v3_crl_num = {
+NID_crl_number, 0,
+(X509V3_EXT_NEW)asn1_integer_new, ASN1_STRING_free,
+(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
+i2d_ASN1_INTEGER,
+(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+(X509V3_EXT_S2I)NULL,
+NULL, NULL, NULL, NULL};
+
+
+static ASN1_INTEGER *asn1_integer_new()
+{
+ return ASN1_INTEGER_new();
+}
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index c9e9cbaadf..7b6bda4f2c 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -150,6 +150,8 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern X509V3_EXT_METHOD v3_pkey_usage_period;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
+extern X509V3_EXT_METHOD v3_crl_num;
+
 int X509V3_add_standard_extensions()
 {
 X509V3_EXT_add_list(v3_ns_ia5_list);
@@ -161,6 +163,7 @@ int X509V3_add_standard_extensions()
 X509V3_EXT_add(&v3_skey_id);
 X509V3_EXT_add(&v3_akey_id);
 X509V3_EXT_add(&v3_pkey_usage_period);
+ X509V3_EXT_add(&v3_crl_num);
 return 1;
 }
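Review bot: `v3_crl_num` installs only an `i2s` for NID_crl_number and leaves `(X509V3_EXT_S2I)NULL` plus the four trailing callbacks NULL, so the CRL number extension can be decoded and printed but not created from a configuration file; that is a sensible first step, but the initializer carries no comment saying so and a reader of X509V3_add_standard_extensions in v3_lib.c will assume the new entry is as complete as its neighbours. Add above the definition `/* CRL Number: decode/print only. No s2i/v2i, so it cannot be set from a config file yet. */`. `asn1_integer_new` exists only to give ASN1_INTEGER_new the X509V3_EXT_NEW shape the method table expects; a one-line comment on it would save the next reader a search. The `#include` lines of this hunk lost their targets on this page, so the header set could not be checked.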
diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c
index f6d314f5e2..7de1718e9f 100644
--- a/crypto/x509v3/v3_pku.c
+++ b/crypto/x509v3/v3_pku.c
@@ -1,4 +1,4 @@
-/* v3_akey.c */
+/* v3_pku.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
 */
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 45a3a56234..2b4d079b0e 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -133,19 +133,30 @@ STACK **extlist;
 return 1;
 }
+char *i2s_ASN1_INTEGER(method, a)
+X509V3_EXT_METHOD *method;
+ASN1_INTEGER *a;
+{
+ BIGNUM *bntmp = NULL;
+ char *strtmp = NULL;
+ if(!a) return NULL;
+ if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
+ !(strtmp = BN_bn2dec(bntmp)) )
+ X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+ BN_free(bntmp);
+ return strtmp;
+}
+
 int X509V3_add_value_int(name, aint, extlist)
 char *name;
 ASN1_INTEGER *aint;
 STACK **extlist;
 {
- BIGNUM *bntmp;
 char *strtmp;
 int ret;
 if(!aint) return 1;
- bntmp = ASN1_INTEGER_to_BN(aint, NULL);
- strtmp = BN_bn2dec(bntmp);
+ if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
 ret = X509V3_add_value(name, strtmp, extlist);
- BN_free(bntmp);
 Free(strtmp);
 return ret;
 }
diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
index 50dff95263..41367e00e7 100644
--- a/crypto/x509v3/v3err.c
+++ b/crypto/x509v3/v3err.c
@@ -64,6 +64,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "I2S_ASN1_INTEGER"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"},
diff --git a/crypto/x509v3/x509v3.err b/crypto/x509v3/x509v3.err
index 0b9fb62d2b..fddbafd3ab 100644
--- a/crypto/x509v3/x509v3.err
+++ b/crypto/x509v3/x509v3.err
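Review bot: i2s_ASN1_INTEGER raises ERR_R_MALLOC_FAILURE for either failure and then falls through to `BN_free(bntmp)` and `return strtmp;`; when ASN1_INTEGER_to_BN is the one that failed, `bntmp` is still NULL, so the function relies on BN_free accepting NULL, which is not visible in this diff — either note that with `/* BN_free(NULL) is a no-op, so the failure path can share the cleanup */` or return NULL right after the X509V3err call. The `method` parameter is unused (X509V3_add_value_int passes NULL) and exists only to match the X509V3_EXT_I2S callback shape that v3_int.c installs; say so in a comment on the definition so nobody "fixes" it away. The caller change in X509V3_add_value_int, `if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;`, is the right fix for the previously unchecked BN_bn2dec result; since the string comes from BN_bn2dec and is released with `Free(strtmp)`, the function's contract should state that the caller owns the returned string and must Free() it.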
@@ -2,6 +2,7 @@
 /* Function codes. */
 #define X509V3_F_HEX_TO_STRING 111
+#define X509V3_F_I2S_ASN1_INTEGER 120
 #define X509V3_F_S2I_ASN1_IA5STRING 100
 #define X509V3_F_S2I_ASN1_OCTET_STRING 112
 #define X509V3_F_S2I_ASN1_SKEY_ID 114
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 75a18b908a..c6f7a4824c 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -250,6 +250,7 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
 int X509V3_add_value(char *name, char *value, STACK **extlist);
 int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist);
 int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist);
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
 int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
 int X509V3_EXT_add_alias(int nid_to, int nid_from);
 void X509V3_EXT_cleanup(void);
@@ -315,6 +316,7 @@ int X509V3_get_value_int();
 int X509V3_add_value();
 int X509V3_add_value_bool();
 int X509V3_add_value_int();
+char *i2s_ASN1_INTEGER();
 int X509V3_EXT_add();
 int X509V3_EXT_add_alias();
 void X509V3_EXT_cleanup();
@@ -338,6 +340,7 @@ int X509V3_EXT_print_fp();
 /* Function codes. */
 #define X509V3_F_HEX_TO_STRING 111
+#define X509V3_F_I2S_ASN1_INTEGER 120
 #define X509V3_F_S2I_ASN1_IA5STRING 100
 #define X509V3_F_S2I_ASN1_OCTET_STRING 112
 #define X509V3_F_S2I_ASN1_SKEY_ID 114
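Review bot: The new prototype `char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);` in the @@ -250 hunk carries no ownership note, while its one in-tree caller, X509V3_add_value_int in v3_utl.c, has to treat NULL as failure and `Free()` the result. Add above it `/* Decimal string for aint, allocated with Malloc(); caller must Free() it. Returns NULL on NULL input or allocation failure. meth is ignored (X509V3_EXT_I2S shape). */`. The stray space in `char * i2s_ASN1_INTEGER` also differs from the `char *i2s_ASN1_INTEGER();` form in the @@ -315 hunk and from the surrounding declarations; `char *i2s_ASN1_INTEGER(...)` keeps the header consistent. Function code 120 is added by hand both in x509v3.err and in the copy of the table inside x509v3.h (@@ -2 and @@ -338); if one is generated from the other, a comment on the x509v3.h copy saying which is the source would keep them from drifting.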