Overhaul 'crl' application, add a proper X509_CRL_print function and start

 Changes between 0.9.1c and 0.9.2

  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support

     for some CRL extensions and new objects added.

     [Steve Henson]

  *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private

     key usage extension and fuller support for authority key id.

     [Steve Henson]

#include "bio.h"

#include "err.h"

#include "x509.h"

#include "x509v3.h"

#include "pem.h"

#undef PROG

	BIO *out=NULL;

	int informat,outformat;

	char *infile=NULL,*outfile=NULL;

	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;

	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;

	char **pp,buf[256];

	apps_startup();

			if (--argc < 1) goto bad;

			outformat=str2fmt(*(++argv));

			}

		else if (strcmp(*argv,"-text") == 0)

			{

			outformat=FORMAT_TEXT;

			}

		else if (strcmp(*argv,"-in") == 0)

			{

			if (--argc < 1) goto bad;

			if (--argc < 1) goto bad;

			outfile= *(++argv);

			}

		else if (strcmp(*argv,"-text") == 0)

			text = 1;

		else if (strcmp(*argv,"-hash") == 0)

			hash= ++num;

		else if (strcmp(*argv,"-issuer") == 0)

		argv++;

		}

	if (outformat == FORMAT_TEXT)

		{

		num=0;

		issuer= ++num;

		lastupdate= ++num;

		nextupdate= ++num;

		}

	if (badops)

		{

bad:

		}

	ERR_load_crypto_strings();

	X509V3_add_standard_extensions();

	x=load_crl(infile,informat);

	if (x == NULL) { goto end; }

			if (issuer == i)

				{

				X509_NAME_oneline(x->crl->issuer,buf,256);

				fprintf(stdout,"issuer= %s\n",buf);

				BIO_printf(bio_out,"issuer= %s\n",buf);

				}

			if (hash == i)

				{

				fprintf(stdout,"%08lx\n",

				BIO_printf(bio_out,"%08lx\n",

					X509_NAME_hash(x->crl->issuer));

				}

			if (lastupdate == i)

				{

				fprintf(stdout,"lastUpdate=");

				BIO_printf(bio_out,"lastUpdate=");

				ASN1_TIME_print(bio_out,x->crl->lastUpdate);

				fprintf(stdout,"\n");

				BIO_printf(bio_out,"\n");

				}

			if (nextupdate == i)

				{

				fprintf(stdout,"nextUpdate=");

				BIO_printf(bio_out,"nextUpdate=");

				if (x->crl->nextUpdate != NULL)

					ASN1_TIME_print(bio_out,x->crl->nextUpdate);

				else

					fprintf(stdout,"NONE");

				fprintf(stdout,"\n");

					BIO_printf(bio_out,"NONE");

				BIO_printf(bio_out,"\n");

				}

			}

		}

			}

		}

	if (text) X509_CRL_print(out, x);

	if 	(outformat == FORMAT_ASN1)

		i=(int)i2d_X509_CRL_bio(out,x);

	else if (outformat == FORMAT_PEM)

		i=PEM_write_bio_X509_CRL(out,x);

	else if (outformat == FORMAT_TEXT)

		{

		X509_REVOKED *r;

		STACK *sk;

		sk=sk_dup(x->crl->revoked);

		while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)

			{

			fprintf(stdout,"revoked: serialNumber=");

			i2a_ASN1_INTEGER(out,r->serialNumber);

			fprintf(stdout," revocationDate=");

			ASN1_TIME_print(bio_out,r->revocationDate);

			fprintf(stdout,"\n");

			}

		sk_free(sk);

		i=1;

		}

	else	

		{

		BIO_printf(bio_err,"bad output format specified for outfile\n");

	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }

	ret=0;

end:

	if (out != NULL) BIO_free(out);

	if (bio_out != NULL) BIO_free(bio_out);

	if (x != NULL) X509_CRL_free(x);

	BIO_free(out);

	BIO_free(bio_out);

	X509_CRL_free(x);

	X509V3_EXT_cleanup();

	EXIT(ret);

	}

		}

end:

	if (in != NULL) BIO_free(in);

	BIO_free(in);

	return(x);

	}

	d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \

	d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \

	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\

	t_req.c t_x509.c t_pkey.c \

	t_req.c t_x509.c t_crl.c t_pkey.c \

	p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \

	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \

	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \

	d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \

	d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \

	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \

	t_req.o t_x509.o t_pkey.o \

	t_req.o t_x509.o t_crl.o t_pkey.o \

	p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \

	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \

	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \

/* t_crl.c */

/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL

 * project 1999.

 */

/* ====================================================================

 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer. 

 *

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * 3. All advertising materials mentioning features or use of this

 *    software must display the following acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

 *

 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

 *    endorse or promote products derived from this software without

 *    prior written permission. For written permission, please contact

 *    licensing@OpenSSL.org.

 *

 * 5. Products derived from this software may not be called "OpenSSL"

 *    nor may "OpenSSL" appear in their names without prior written

 *    permission of the OpenSSL Project.

 *

 * 6. Redistributions of any form whatsoever must retain the following

 *    acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

 *

 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 * OF THE POSSIBILITY OF SUCH DAMAGE.

 * ====================================================================

 *

 * This product includes cryptographic software written by Eric Young

 * (eay@cryptsoft.com).  This product includes software written by Tim

 * Hudson (tjh@cryptsoft.com).

 *

 */

#include <stdio.h>

#include "cryptlib.h"

#include "buffer.h"

#include "bn.h"

#include "objects.h"

#include "x509.h"

#include "x509v3.h"

#ifndef NOPROTO

static void ext_print(BIO *out, X509_EXTENSION *ex);

#else

static void ext_print();

#endif

#ifndef NO_FP_API

int X509_CRL_print_fp(fp,x)

FILE *fp;

X509_CRL *x;

        {

        BIO *b;

        int ret;

        if ((b=BIO_new(BIO_s_file())) == NULL)

		{

		X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);

                return(0);

		}

        BIO_set_fp(b,fp,BIO_NOCLOSE);

        ret=X509_CRL_print(b, x);

        BIO_free(b);

        return(ret);

        }

#endif

void X509_CRL_print(out, x)

BIO *out;

X509_CRL *x;

{

	char buf[256];

	unsigned char *s;

	STACK *rev;

	X509_REVOKED *r;

	long l;

	int i, j, n;

	BIO_printf(out, "Certificate Revocation List (CRL):\n");

	l = X509_CRL_get_version(x);

	BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);

	i = OBJ_obj2nid(x->sig_alg->algorithm);

	BIO_printf(out, "%8sSignature Algorithm: %s\n", "",

				 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));

	X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256);

	BIO_printf(out,"%8sIssuer: %s\n","",buf);

	BIO_printf(out,"%8sLast Update: ","");

	ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));

	BIO_printf(out,"\n%8sNext Update: ","");

	if (X509_CRL_get_nextUpdate(x))

		 ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));

	else BIO_printf(out,"NONE");

	BIO_printf(out,"\n");

	n=X509_CRL_get_ext_count(x);

	if (n > 0) {

		BIO_printf(out,"%8sCRL extensions:\n","");

		for (i=0; i<n; i++) ext_print(out, X509_CRL_get_ext(x, i));

	}

	rev = X509_CRL_get_REVOKED(x);

	if(sk_num(rev)) BIO_printf(out, "Revoked Certificates:\n");

	else BIO_printf(out, "No Revoked Certificates.\n");

	for(i = 0; i < sk_num(rev); i++) {

		r = (X509_REVOKED *) sk_value(rev, i);

		BIO_printf(out,"    Serial Number: ");

		i2a_ASN1_INTEGER(out,r->serialNumber);

		BIO_printf(out,"\n        Revocation Date: ","");

		ASN1_TIME_print(out,r->revocationDate);

		BIO_printf(out,"\n");

		for(j = 0; j < X509_REVOKED_get_ext_count(r); j++)

				ext_print(out, X509_REVOKED_get_ext(r, j));

	}

	i=OBJ_obj2nid(x->sig_alg->algorithm);

	BIO_printf(out,"    Signature Algorithm: %s",

				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));

	s = x->signature->data;

	n = x->signature->length;

	for (i=0; i<n; i++, s++)

	{

		if ((i%18) == 0) BIO_write(out,"\n        ",9);

		BIO_printf(out,"%02x%s",*s, ((i+1) == n)?"":":");

	}

	BIO_write(out,"\n",1);

}

static void ext_print(out, ex)

BIO *out;

X509_EXTENSION *ex;

{

	ASN1_OBJECT *obj;

	int j;

	BIO_printf(out,"%12s","");

	obj=X509_EXTENSION_get_object(ex);

	i2a_ASN1_OBJECT(out,obj);

	j=X509_EXTENSION_get_critical(ex);

	BIO_printf(out, ": %s\n%16s", j ? "critical":"","");

	if(!X509V3_EXT_print(out, ex, 0))

				 ASN1_OCTET_STRING_print(out,ex->value);

	BIO_write(out,"\n",1);

}

 * perl obj_dat.pl < objects.h > obj_dat.h

 */

#define NUM_NID 140

#define NUM_SN 111

#define NUM_LN 136

#define NUM_OBJ 112

#define NUM_NID 143

#define NUM_SN 114

#define NUM_LN 139

#define NUM_OBJ 115

static unsigned char lvalues[726]={

static unsigned char lvalues[735]={

0x00,                                        /* [  0] OBJ_undef */

0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */

0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */

0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [696] OBJ_ms_sgc */

0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [706] OBJ_ms_efs */

0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [716] OBJ_ns_sgc */

0x55,0x1D,0x1B,                              /* [725] OBJ_delta_crl */

0x55,0x1D,0x15,                              /* [728] OBJ_crl_reason */

0x55,0x1D,0x18,                              /* [731] OBJ_invalidity_date */

};

static ASN1_OBJECT nid_objs[NUM_NID]={

{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,

	&(lvalues[706]),0},

{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[716]),0},

{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,

	&(lvalues[725]),0},

{"CRLReason","CRL Reason Code",NID_crl_reason,3,&(lvalues[728]),0},

{"invalidityDate","Invalidity Date",NID_invalidity_date,3,

	&(lvalues[731]),0},

};

static ASN1_OBJECT *sn_objs[NUM_SN]={

&(nid_objs[109]),/* "CAST5-ECB" */

&(nid_objs[111]),/* "CAST5-OFB" */

&(nid_objs[13]),/* "CN" */

&(nid_objs[141]),/* "CRLReason" */

&(nid_objs[107]),/* "D" */

&(nid_objs[31]),/* "DES-CBC" */

&(nid_objs[30]),/* "DES-CFB" */

&(nid_objs[131]),/* "codeSigning" */

&(nid_objs[103]),/* "crlDistributionPoints" */

&(nid_objs[88]),/* "crlNumber" */

&(nid_objs[140]),/* "deltaCRL" */

&(nid_objs[132]),/* "emailProtection" */

&(nid_objs[126]),/* "extendedKeyUsage" */

&(nid_objs[128]),/* "id-kp" */

&(nid_objs[142]),/* "invalidityDate" */

&(nid_objs[86]),/* "issuerAltName" */

&(nid_objs[83]),/* "keyUsage" */

&(nid_objs[81]),/* "ld-ce" */

};

static ASN1_OBJECT *ln_objs[NUM_LN]={

&(nid_objs[141]),/* "CRL Reason Code" */

&(nid_objs[131]),/* "Code Signing" */

&(nid_objs[132]),/* "E-mail Protection" */

&(nid_objs[142]),/* "Invalidity Date" */

&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */

&(nid_objs[138]),/* "Microsoft Encrypted File System" */

&(nid_objs[134]),/* "Microsoft Individual Code Signing" */

&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */

&(nid_objs[88]),/* "X509v3 CRL Number" */

&(nid_objs[89]),/* "X509v3 Certificate Policies" */

&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */

&(nid_objs[126]),/* "X509v3 Extended Key Usage" */

&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */

&(nid_objs[83]),/* "X509v3 Key Usage" */

&(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */

&(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */

&(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */

&(nid_objs[141]),/* OBJ_crl_reason                   2 5 29 21 */

&(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */

&(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */

&(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */

&(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */

&(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */

&(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */

&(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */

&(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */

&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666.2 */

&(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666.1 */

&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666.2 */

&(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */

&(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */

&(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */