96 |
|
NULL |
97 |
|
}; |
98 |
|
|
99 |
– |
static X509_CRL *load_crl(char *file, int format); |
99 |
|
static BIO *bio_out = NULL; |
100 |
|
|
101 |
|
int MAIN(int, char **); |
105 |
|
unsigned long nmflag = 0; |
106 |
|
X509_CRL *x = NULL; |
107 |
|
char *CAfile = NULL, *CApath = NULL; |
108 |
< |
int ret = 1, i, num, badops = 0; |
108 |
> |
int ret = 1, i, num, badops = 0, badsig = 0; |
109 |
|
BIO *out = NULL; |
110 |
< |
int informat, outformat; |
111 |
< |
char *infile = NULL, *outfile = NULL; |
110 |
> |
int informat, outformat, keyformat; |
111 |
> |
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL; |
112 |
|
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = |
113 |
|
0, text = 0; |
114 |
|
#ifndef OPENSSL_NO_MD5 |
146 |
|
|
147 |
|
informat = FORMAT_PEM; |
148 |
|
outformat = FORMAT_PEM; |
149 |
+ |
keyformat = FORMAT_PEM; |
150 |
|
|
151 |
|
argc--; |
152 |
|
argv++; |
173 |
|
if (--argc < 1) |
174 |
|
goto bad; |
175 |
|
infile = *(++argv); |
176 |
+ |
} else if (strcmp(*argv, "-gendelta") == 0) { |
177 |
+ |
if (--argc < 1) |
178 |
+ |
goto bad; |
179 |
+ |
crldiff = *(++argv); |
180 |
+ |
} else if (strcmp(*argv, "-key") == 0) { |
181 |
+ |
if (--argc < 1) |
182 |
+ |
goto bad; |
183 |
+ |
keyfile = *(++argv); |
184 |
+ |
} else if (strcmp(*argv, "-keyform") == 0) { |
185 |
+ |
if (--argc < 1) |
186 |
+ |
goto bad; |
187 |
+ |
keyformat = str2fmt(*(++argv)); |
188 |
|
} else if (strcmp(*argv, "-out") == 0) { |
189 |
|
if (--argc < 1) |
190 |
|
goto bad; |
226 |
|
fingerprint = ++num; |
227 |
|
else if (strcmp(*argv, "-crlnumber") == 0) |
228 |
|
crlnumber = ++num; |
229 |
+ |
else if (strcmp(*argv, "-badsig") == 0) |
230 |
+ |
badsig = 1; |
231 |
|
else if ((md_alg = EVP_get_digestbyname(*argv + 1))) { |
232 |
|
/* ok */ |
233 |
|
digest = md_alg; |
295 |
|
BIO_printf(bio_err, "verify OK\n"); |
296 |
|
} |
297 |
|
|
298 |
+ |
if (crldiff) { |
299 |
+ |
X509_CRL *newcrl, *delta; |
300 |
+ |
if (!keyfile) { |
301 |
+ |
BIO_puts(bio_err, "Missing CRL signing key\n"); |
302 |
+ |
goto end; |
303 |
+ |
} |
304 |
+ |
newcrl = load_crl(crldiff, informat); |
305 |
+ |
if (!newcrl) |
306 |
+ |
goto end; |
307 |
+ |
pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL, |
308 |
+ |
"CRL signing key"); |
309 |
+ |
if (!pkey) { |
310 |
+ |
X509_CRL_free(newcrl); |
311 |
+ |
goto end; |
312 |
+ |
} |
313 |
+ |
delta = X509_CRL_diff(x, newcrl, pkey, digest, 0); |
314 |
+ |
X509_CRL_free(newcrl); |
315 |
+ |
EVP_PKEY_free(pkey); |
316 |
+ |
if (delta) { |
317 |
+ |
X509_CRL_free(x); |
318 |
+ |
x = delta; |
319 |
+ |
} else { |
320 |
+ |
BIO_puts(bio_err, "Error creating delta CRL\n"); |
321 |
+ |
goto end; |
322 |
+ |
} |
323 |
+ |
} |
324 |
+ |
|
325 |
|
if (num) { |
326 |
|
for (i = 1; i <= num; i++) { |
327 |
|
if (issuer == i) { |
410 |
|
goto end; |
411 |
|
} |
412 |
|
|
413 |
+ |
if (badsig) |
414 |
+ |
x->signature->data[x->signature->length - 1] ^= 0x1; |
415 |
+ |
|
416 |
|
if (outformat == FORMAT_ASN1) |
417 |
|
i = (int)i2d_X509_CRL_bio(out, x); |
418 |
|
else if (outformat == FORMAT_PEM) |
427 |
|
} |
428 |
|
ret = 0; |
429 |
|
end: |
430 |
+ |
if (ret != 0) |
431 |
+ |
ERR_print_errors(bio_err); |
432 |
|
BIO_free_all(out); |
433 |
|
BIO_free_all(bio_out); |
434 |
|
bio_out = NULL; |
439 |
|
} |
440 |
|
apps_shutdown(); |
441 |
|
OPENSSL_EXIT(ret); |
396 |
– |
} |
397 |
– |
|
398 |
– |
static X509_CRL *load_crl(char *infile, int format) |
399 |
– |
{ |
400 |
– |
X509_CRL *x = NULL; |
401 |
– |
BIO *in = NULL; |
402 |
– |
|
403 |
– |
in = BIO_new(BIO_s_file()); |
404 |
– |
if (in == NULL) { |
405 |
– |
ERR_print_errors(bio_err); |
406 |
– |
goto end; |
407 |
– |
} |
408 |
– |
|
409 |
– |
if (infile == NULL) |
410 |
– |
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
411 |
– |
else { |
412 |
– |
if (BIO_read_filename(in, infile) <= 0) { |
413 |
– |
perror(infile); |
414 |
– |
goto end; |
415 |
– |
} |
416 |
– |
} |
417 |
– |
if (format == FORMAT_ASN1) |
418 |
– |
x = d2i_X509_CRL_bio(in, NULL); |
419 |
– |
else if (format == FORMAT_PEM) |
420 |
– |
x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); |
421 |
– |
else { |
422 |
– |
BIO_printf(bio_err, "bad input format specified for input crl\n"); |
423 |
– |
goto end; |
424 |
– |
} |
425 |
– |
if (x == NULL) { |
426 |
– |
BIO_printf(bio_err, "unable to load CRL\n"); |
427 |
– |
ERR_print_errors(bio_err); |
428 |
– |
goto end; |
429 |
– |
} |
430 |
– |
|
431 |
– |
end: |
432 |
– |
BIO_free(in); |
433 |
– |
return (x); |
442 |
|
} |
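Review bot: The `-badsig` statement added just before the output step writes to `x->signature->data[x->signature->length - 1]` without checking the length, so a CRL loaded from the input file with an empty signature field would be indexed at -1. Guarding it as `if (badsig && x->signature->length > 0)` and reporting an error on `bio_err` otherwise keeps the option from touching memory outside the signature buffer, and from silently emitting an unmodified CRL during a test run. Separately, the `-gendelta` block passes NULL as the passphrase argument of `load_key(...)`, so an encrypted signing key can presumably only be unlocked by an interactive prompt; a comment saying so next to the call would help anyone scripting delta generation. `MAIN` starts and continues outside the hunks shown, so whether `digest` is always set before `X509_CRL_diff` is called cannot be confirmed from here.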