Loading CHANGES +4 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,10 @@ Changes between 1.0.1 and 1.0.2 [xx XXX xxxx] *) New function X509_CRL_diff to generate a delta CRL from the difference of two full CRLs. Add support to "crl" utility. [Steve Henson] *) New functions to set lookup_crls function and to retrieve X509_STORE from X509_STORE_CTX. [Steve Henson] Loading apps/crl.c +53 −2 Original line number Diff line number Diff line Loading @@ -105,8 +105,8 @@ int MAIN(int argc, char **argv) char *CAfile = NULL, *CApath = NULL; int ret=1,i,num,badops=0; BIO *out=NULL; int informat,outformat; char *infile=NULL,*outfile=NULL; int informat,outformat, keyformat; char *infile=NULL,*outfile=NULL, *crldiff = NULL, *keyfile = NULL; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; int fingerprint = 0, crlnumber = 0; const char **pp; Loading Loading @@ -141,6 +141,7 @@ int MAIN(int argc, char **argv) informat=FORMAT_PEM; outformat=FORMAT_PEM; keyformat=FORMAT_PEM; argc--; argv++; Loading Loading @@ -169,6 +170,21 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-gendelta") == 0) { if (--argc < 1) goto bad; crldiff= *(++argv); } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; keyfile= *(++argv); } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) goto bad; keyformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; Loading Loading 
@@ -276,6 +292,39 @@ bad: else BIO_printf(bio_err, "verify OK\n"); } if (crldiff) { X509_CRL *newcrl, *delta; if (!keyfile) { BIO_puts(bio_err, "Missing CRL signing key\n"); goto end; } newcrl = load_crl(crldiff,informat); if (!newcrl) goto end; pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL, "CRL signing key"); if (!pkey) { X509_CRL_free(newcrl); goto end; } delta = X509_CRL_diff(x, newcrl, pkey, digest, 0); X509_CRL_free(newcrl); EVP_PKEY_free(pkey); if (delta) { X509_CRL_free(x); x = delta; } else { BIO_puts(bio_err, "Error creating delta CRL\n"); goto end; } } if (num) { for (i=1; i<=num; i++) Loading Loading @@ -390,6 +439,8 @@ bad: if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } ret=0; end: if (ret != 0) ERR_print_errors(bio_err); BIO_free_all(out); BIO_free_all(bio_out); bio_out=NULL; Loading crypto/asn1/x_crl.c +1 −0 Original line number Diff line number Diff line Loading @@ -356,6 +356,7 @@ ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = { } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) IMPLEMENT_ASN1_DUP_FUNCTION(X509_REVOKED) IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) Loading crypto/x509/x509.h +12 −0 Original line number Diff line number Diff line Loading @@ -765,6 +765,7 @@ X509 *X509_dup(X509 *x509); X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); X509_CRL *X509_CRL_dup(X509_CRL *crl); X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev); X509_REQ *X509_REQ_dup(X509_REQ *req); X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); Loading Loading 
@@ -965,6 +966,9 @@ int X509_CRL_sort(X509_CRL *crl); int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); Loading Loading @@ -1245,6 +1249,7 @@ void ERR_load_X509_strings(void); #define X509_F_X509_ATTRIBUTE_GET0_DATA 139 #define X509_F_X509_ATTRIBUTE_SET1_DATA 138 #define X509_F_X509_CHECK_PRIVATE_KEY 128 #define X509_F_X509_CRL_DIFF 105 #define X509_F_X509_CRL_PRINT_FP 147 #define X509_F_X509_EXTENSION_CREATE_BY_NID 108 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 Loading Loading 
@@ -1277,20 +1282,27 @@ void ERR_load_X509_strings(void); #define X509_F_X509_VERIFY_CERT 127 /* Reason codes. */ #define X509_R_AKID_MISMATCH 110 #define X509_R_BAD_X509_FILETYPE 100 #define X509_R_BASE64_DECODE_ERROR 118 #define X509_R_CANT_CHECK_DH_KEY 114 #define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 #define X509_R_CRL_ALREADY_DELTA 127 #define X509_R_CRL_VERIFY_FAILURE 131 #define X509_R_ERR_ASN1_LIB 102 #define X509_R_IDP_MISMATCH 128 #define X509_R_INVALID_DIRECTORY 113 #define X509_R_INVALID_FIELD_NAME 119 #define X509_R_INVALID_TRUST 123 #define X509_R_ISSUER_MISMATCH 129 #define X509_R_KEY_TYPE_MISMATCH 115 #define X509_R_KEY_VALUES_MISMATCH 116 #define X509_R_LOADING_CERT_DIR 103 #define X509_R_LOADING_DEFAULTS 104 #define X509_R_METHOD_NOT_SUPPORTED 124 #define X509_R_NEWER_CRL_NOT_NEWER 132 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 #define X509_R_NO_CRL_NUMBER 130 #define X509_R_PUBLIC_KEY_DECODE_ERROR 125 #define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 #define X509_R_SHOULD_RETRY 106 Loading crypto/x509/x509_err.c +9 −1 Original line number Diff line number Diff line /* crypto/x509/x509_err.c */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2012 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Loading Loading 
@@ -85,6 +85,7 @@ static ERR_STRING_DATA X509_str_functs[]= {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, {ERR_FUNC(X509_F_X509_CRL_DIFF), "X509_CRL_diff"}, {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, Loading Loading 
@@ -120,20 +121,27 @@ static ERR_STRING_DATA X509_str_functs[]= static ERR_STRING_DATA X509_str_reasons[]= { {ERR_REASON(X509_R_AKID_MISMATCH) ,"akid mismatch"}, {ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"}, {ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"}, {ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"}, {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"}, {ERR_REASON(X509_R_CRL_ALREADY_DELTA) ,"crl already delta"}, {ERR_REASON(X509_R_CRL_VERIFY_FAILURE) ,"crl verify failure"}, {ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"}, {ERR_REASON(X509_R_IDP_MISMATCH) ,"idp mismatch"}, {ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"}, {ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"}, {ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"}, {ERR_REASON(X509_R_ISSUER_MISMATCH) ,"issuer mismatch"}, {ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"}, {ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"}, {ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"}, {ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"}, {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) ,"method not supported"}, {ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER) ,"newer crl not newer"}, {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"}, {ERR_REASON(X509_R_NO_CRL_NUMBER) ,"no crl number"}, {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR),"public key decode error"}, {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR),"public key encode error"}, {ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"}, Loading Loading
CHANGES +4 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,10 @@ Changes between 1.0.1 and 1.0.2 [xx XXX xxxx] *) New function X509_CRL_diff to generate a delta CRL from the difference of two full CRLs. Add support to "crl" utility. [Steve Henson] *) New functions to set lookup_crls function and to retrieve X509_STORE from X509_STORE_CTX. [Steve Henson] Loading
apps/crl.c +53 −2 Original line number Diff line number Diff line Loading @@ -105,8 +105,8 @@ int MAIN(int argc, char **argv) char *CAfile = NULL, *CApath = NULL; int ret=1,i,num,badops=0; BIO *out=NULL; int informat,outformat; char *infile=NULL,*outfile=NULL; int informat,outformat, keyformat; char *infile=NULL,*outfile=NULL, *crldiff = NULL, *keyfile = NULL; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; int fingerprint = 0, crlnumber = 0; const char **pp; Loading Loading @@ -141,6 +141,7 @@ int MAIN(int argc, char **argv) informat=FORMAT_PEM; outformat=FORMAT_PEM; keyformat=FORMAT_PEM; argc--; argv++; Loading Loading @@ -169,6 +170,21 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-gendelta") == 0) { if (--argc < 1) goto bad; crldiff= *(++argv); } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; keyfile= *(++argv); } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) goto bad; keyformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; Loading Loading @@ -276,6 +292,39 @@ bad: else BIO_printf(bio_err, "verify OK\n"); } if (crldiff) { X509_CRL *newcrl, *delta; if (!keyfile) { BIO_puts(bio_err, "Missing CRL signing key\n"); goto end; } newcrl = load_crl(crldiff,informat); if (!newcrl) goto end; pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL, "CRL signing key"); if (!pkey) { X509_CRL_free(newcrl); goto end; } delta = X509_CRL_diff(x, newcrl, pkey, digest, 0); X509_CRL_free(newcrl); EVP_PKEY_free(pkey); if (delta) { X509_CRL_free(x); x = delta; } else { BIO_puts(bio_err, "Error creating delta CRL\n"); goto end; } } if (num) { for (i=1; i<=num; i++) Loading Loading @@ -390,6 +439,8 @@ bad: if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } ret=0; end: if (ret != 0) ERR_print_errors(bio_err); BIO_free_all(out); BIO_free_all(bio_out); bio_out=NULL; Loading
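Review bot: In the `if (crldiff)` block of MAIN, the second CRL from `load_crl(crldiff,informat)` goes straight into `X509_CRL_diff(x, newcrl, pkey, digest, 0)` with no check in this file that `newcrl` is authentic. The existing verification path ends at "verify OK" before `newcrl` is loaded, so it can only have covered `x`. Whether `X509_CRL_diff` verifies both CRLs against `skey` is not visible on this page, although the new `X509_R_CRL_VERIFY_FAILURE` reason hints that it may. If it does not, add `if (X509_CRL_verify(newcrl, pkey) <= 0) { X509_CRL_free(newcrl); EVP_PKEY_free(pkey); goto end; }` before the diff call, because otherwise the delta carries the CA's signature over revocation data nobody checked. Separately, `pkey` is left dangling after `EVP_PKEY_free(pkey);`, and a `pkey = NULL;` on the next line would keep later cleanup safe; MAIN's declarations and the rest of the `end:` cleanup lie outside these hunks.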
crypto/asn1/x_crl.c +1 −0 Original line number Diff line number Diff line Loading @@ -356,6 +356,7 @@ ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = { } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) IMPLEMENT_ASN1_DUP_FUNCTION(X509_REVOKED) IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) Loading
crypto/x509/x509.h +12 −0 Original line number Diff line number Diff line Loading @@ -765,6 +765,7 @@ X509 *X509_dup(X509 *x509); X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); X509_CRL *X509_CRL_dup(X509_CRL *crl); X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev); X509_REQ *X509_REQ_dup(X509_REQ *req); X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); Loading Loading @@ -965,6 +966,9 @@ int X509_CRL_sort(X509_CRL *crl); int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); Loading Loading @@ -1245,6 +1249,7 @@ void ERR_load_X509_strings(void); #define X509_F_X509_ATTRIBUTE_GET0_DATA 139 #define X509_F_X509_ATTRIBUTE_SET1_DATA 138 #define X509_F_X509_CHECK_PRIVATE_KEY 128 #define X509_F_X509_CRL_DIFF 105 #define X509_F_X509_CRL_PRINT_FP 147 #define X509_F_X509_EXTENSION_CREATE_BY_NID 108 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 Loading Loading 
@@ -1277,20 +1282,27 @@ void ERR_load_X509_strings(void); #define X509_F_X509_VERIFY_CERT 127 /* Reason codes. */ #define X509_R_AKID_MISMATCH 110 #define X509_R_BAD_X509_FILETYPE 100 #define X509_R_BASE64_DECODE_ERROR 118 #define X509_R_CANT_CHECK_DH_KEY 114 #define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 #define X509_R_CRL_ALREADY_DELTA 127 #define X509_R_CRL_VERIFY_FAILURE 131 #define X509_R_ERR_ASN1_LIB 102 #define X509_R_IDP_MISMATCH 128 #define X509_R_INVALID_DIRECTORY 113 #define X509_R_INVALID_FIELD_NAME 119 #define X509_R_INVALID_TRUST 123 #define X509_R_ISSUER_MISMATCH 129 #define X509_R_KEY_TYPE_MISMATCH 115 #define X509_R_KEY_VALUES_MISMATCH 116 #define X509_R_LOADING_CERT_DIR 103 #define X509_R_LOADING_DEFAULTS 104 #define X509_R_METHOD_NOT_SUPPORTED 124 #define X509_R_NEWER_CRL_NOT_NEWER 132 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 #define X509_R_NO_CRL_NUMBER 130 #define X509_R_PUBLIC_KEY_DECODE_ERROR 125 #define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 #define X509_R_SHOULD_RETRY 106 Loading
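Review bot: The new public prototype `X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey, const EVP_MD *md, unsigned int flags)` in the `@@ -965,6 +966,9 @@` hunk has no comment, so the header does not say what `flags` accepts, whether `skey` or `md` may be NULL, or who owns the result. The only caller on this page (apps/crl.c) passes `0` for `flags`, treats a NULL return as failure and appears to take ownership of the result (`x = delta`). I would add above it something like `/* Create a delta CRL from base to newer, signed with skey using md; returns a new X509_CRL the caller must free, or NULL on error. flags: pass 0 (TODO: document defined values). */`. The comment should also say whether the signatures on `base` and `newer` are checked before the delta is signed. The new `X509_R_CRL_VERIFY_FAILURE`, `X509_R_ISSUER_MISMATCH` and `X509_R_NEWER_CRL_NOT_NEWER` reasons suggest preconditions that callers handling revocation data need to know.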
crypto/x509/x509_err.c +9 −1 Original line number Diff line number Diff line /* crypto/x509/x509_err.c */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2012 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Loading Loading @@ -85,6 +85,7 @@ static ERR_STRING_DATA X509_str_functs[]= {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, {ERR_FUNC(X509_F_X509_CRL_DIFF), "X509_CRL_diff"}, {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, Loading Loading 
@@ -120,20 +121,27 @@ static ERR_STRING_DATA X509_str_functs[]= static ERR_STRING_DATA X509_str_reasons[]= { {ERR_REASON(X509_R_AKID_MISMATCH) ,"akid mismatch"}, {ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"}, {ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"}, {ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"}, {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"}, {ERR_REASON(X509_R_CRL_ALREADY_DELTA) ,"crl already delta"}, {ERR_REASON(X509_R_CRL_VERIFY_FAILURE) ,"crl verify failure"}, {ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"}, {ERR_REASON(X509_R_IDP_MISMATCH) ,"idp mismatch"}, {ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"}, {ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"}, {ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"}, {ERR_REASON(X509_R_ISSUER_MISMATCH) ,"issuer mismatch"}, {ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"}, {ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"}, {ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"}, {ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"}, {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) ,"method not supported"}, {ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER) ,"newer crl not newer"}, {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"}, {ERR_REASON(X509_R_NO_CRL_NUMBER) ,"no crl number"}, {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR),"public key decode error"}, {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR),"public key encode error"}, {ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"}, Loading