=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/crl.c,v retrieving revision 1.16 retrieving revision 1.17 diff -c -r1.16 -r1.17 *** src/usr.bin/openssl/crl.c 2022/11/11 17:07:38 1.16 --- src/usr.bin/openssl/crl.c 2023/03/06 14:32:05 1.17 *************** *** 1,4 **** ! /* $OpenBSD: crl.c,v 1.16 2022/11/11 17:07:38 joshua Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * --- 1,4 ---- ! /* $OpenBSD: crl.c,v 1.17 2023/03/06 14:32:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * *************** *** 86,92 **** int outformat; int text; int verify; ! } crl_config; static const struct option crl_options[] = { { --- 86,92 ---- int outformat; int text; int verify; ! } cfg; static const struct option crl_options[] = { { *************** *** 94,202 **** .argname = "file", .desc = "Verify the CRL using certificates in the given file", .type = OPTION_ARG, ! .opt.arg = &crl_config.cafile, }, { .name = "CApath", .argname = "path", .desc = "Verify the CRL using certificates in the given path", .type = OPTION_ARG, ! .opt.arg = &crl_config.capath, }, { .name = "crlnumber", .desc = "Print the CRL number", .type = OPTION_FLAG_ORD, ! .opt.flag = &crl_config.crlnumber, }, { .name = "fingerprint", .desc = "Print the CRL fingerprint", .type = OPTION_FLAG_ORD, ! .opt.flag = &crl_config.fingerprint, }, { .name = "hash", .desc = "Print the hash of the issuer name", .type = OPTION_FLAG_ORD, ! .opt.flag = &crl_config.hash, }, { .name = "hash_old", .desc = "Print an old-style (MD5) hash of the issuer name", .type = OPTION_FLAG_ORD, ! .opt.flag = &crl_config.hash_old, }, { .name = "in", .argname = "file", .desc = "Input file to read from (stdin if unspecified)", .type = OPTION_ARG, ! .opt.arg = &crl_config.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM)", .type = OPTION_ARG_FORMAT, ! .opt.value = &crl_config.informat, }, { .name = "issuer", .desc = "Print the issuer name", .type = OPTION_FLAG_ORD, ! .opt.flag = &crl_config.issuer, }, { .name = "lastupdate", .desc = "Print the lastUpdate field", .type = OPTION_FLAG_ORD, ! .opt.flag = &crl_config.lastupdate, }, { .name = "nameopt", .argname = "options", .desc = "Specify certificate name options", .type = OPTION_ARG, ! .opt.arg = &crl_config.nameopt, }, { .name = "nextupdate", .desc = "Print the nextUpdate field", .type = OPTION_FLAG_ORD, ! .opt.flag = &crl_config.nextupdate, }, { .name = "noout", .desc = "Do not output the encoded version of the CRL", .type = OPTION_FLAG, ! .opt.flag = &crl_config.noout, }, { .name = "out", .argname = "file", .desc = "Output file to write to (stdout if unspecified)", .type = OPTION_ARG, ! .opt.arg = &crl_config.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM)", .type = OPTION_ARG_FORMAT, ! .opt.value = &crl_config.outformat, }, { .name = "text", .desc = "Print out the CRL in text form", .type = OPTION_FLAG, ! .opt.flag = &crl_config.text, }, { .name = "verify", .desc = "Verify the signature on the CRL", .type = OPTION_FLAG, ! .opt.flag = &crl_config.verify, }, {NULL}, }; --- 94,202 ---- .argname = "file", .desc = "Verify the CRL using certificates in the given file", .type = OPTION_ARG, ! .opt.arg = &cfg.cafile, }, { .name = "CApath", .argname = "path", .desc = "Verify the CRL using certificates in the given path", .type = OPTION_ARG, ! .opt.arg = &cfg.capath, }, { .name = "crlnumber", .desc = "Print the CRL number", .type = OPTION_FLAG_ORD, ! .opt.flag = &cfg.crlnumber, }, { .name = "fingerprint", .desc = "Print the CRL fingerprint", .type = OPTION_FLAG_ORD, ! .opt.flag = &cfg.fingerprint, }, { .name = "hash", .desc = "Print the hash of the issuer name", .type = OPTION_FLAG_ORD, ! .opt.flag = &cfg.hash, }, { .name = "hash_old", .desc = "Print an old-style (MD5) hash of the issuer name", .type = OPTION_FLAG_ORD, ! .opt.flag = &cfg.hash_old, }, { .name = "in", .argname = "file", .desc = "Input file to read from (stdin if unspecified)", .type = OPTION_ARG, ! .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM)", .type = OPTION_ARG_FORMAT, ! .opt.value = &cfg.informat, }, { .name = "issuer", .desc = "Print the issuer name", .type = OPTION_FLAG_ORD, ! .opt.flag = &cfg.issuer, }, { .name = "lastupdate", .desc = "Print the lastUpdate field", .type = OPTION_FLAG_ORD, ! .opt.flag = &cfg.lastupdate, }, { .name = "nameopt", .argname = "options", .desc = "Specify certificate name options", .type = OPTION_ARG, ! .opt.arg = &cfg.nameopt, }, { .name = "nextupdate", .desc = "Print the nextUpdate field", .type = OPTION_FLAG_ORD, ! .opt.flag = &cfg.nextupdate, }, { .name = "noout", .desc = "Do not output the encoded version of the CRL", .type = OPTION_FLAG, ! .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file to write to (stdout if unspecified)", .type = OPTION_ARG, ! .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM)", .type = OPTION_ARG_FORMAT, ! .opt.value = &cfg.outformat, }, { .name = "text", .desc = "Print out the CRL in text form", .type = OPTION_FLAG, ! .opt.flag = &cfg.text, }, { .name = "verify", .desc = "Verify the signature on the CRL", .type = OPTION_FLAG, ! .opt.flag = &cfg.verify, }, {NULL}, }; *************** *** 243,265 **** digest = EVP_sha256(); ! memset(&crl_config, 0, sizeof(crl_config)); ! crl_config.informat = FORMAT_PEM; ! crl_config.outformat = FORMAT_PEM; if (options_parse(argc, argv, crl_options, &digest_name, NULL) != 0) { crl_usage(); goto end; } ! if (crl_config.cafile != NULL || crl_config.capath != NULL) ! crl_config.verify = 1; ! if (crl_config.nameopt != NULL) { ! if (set_name_ex(&nmflag, crl_config.nameopt) != 1) { fprintf(stderr, "Invalid -nameopt argument '%s'\n", ! crl_config.nameopt); goto end; } } --- 243,265 ---- digest = EVP_sha256(); ! memset(&cfg, 0, sizeof(cfg)); ! cfg.informat = FORMAT_PEM; ! cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, crl_options, &digest_name, NULL) != 0) { crl_usage(); goto end; } ! if (cfg.cafile != NULL || cfg.capath != NULL) ! cfg.verify = 1; ! if (cfg.nameopt != NULL) { ! if (set_name_ex(&nmflag, cfg.nameopt) != 1) { fprintf(stderr, "Invalid -nameopt argument '%s'\n", ! cfg.nameopt); goto end; } } *************** *** 273,290 **** } } ! x = load_crl(crl_config.infile, crl_config.informat); if (x == NULL) goto end; ! if (crl_config.verify) { store = X509_STORE_new(); if (store == NULL) goto end; lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); if (lookup == NULL) goto end; ! if (!X509_LOOKUP_load_file(lookup, crl_config.cafile, X509_FILETYPE_PEM)) X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); --- 273,290 ---- } } ! x = load_crl(cfg.infile, cfg.informat); if (x == NULL) goto end; ! if (cfg.verify) { store = X509_STORE_new(); if (store == NULL) goto end; lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); if (lookup == NULL) goto end; ! if (!X509_LOOKUP_load_file(lookup, cfg.cafile, X509_FILETYPE_PEM)) X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); *************** *** 292,298 **** lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); if (lookup == NULL) goto end; ! if (!X509_LOOKUP_add_dir(lookup, crl_config.capath, X509_FILETYPE_PEM)) X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); --- 292,298 ---- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); if (lookup == NULL) goto end; ! if (!X509_LOOKUP_add_dir(lookup, cfg.capath, X509_FILETYPE_PEM)) X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); *************** *** 335,345 **** /* Print requested information the order that the flags were given. */ for (i = 1; i <= argc; i++) { ! if (crl_config.issuer == i) { print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); } ! if (crl_config.crlnumber == i) { ASN1_INTEGER *crlnum; crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL); --- 335,345 ---- /* Print requested information the order that the flags were given. */ for (i = 1; i <= argc; i++) { ! if (cfg.issuer == i) { print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); } ! if (cfg.crlnumber == i) { ASN1_INTEGER *crlnum; crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL); *************** *** 351,373 **** BIO_puts(bio_out, ""); BIO_printf(bio_out, "\n"); } ! if (crl_config.hash == i) { BIO_printf(bio_out, "%08lx\n", X509_NAME_hash(X509_CRL_get_issuer(x))); } #ifndef OPENSSL_NO_MD5 ! if (crl_config.hash_old == i) { BIO_printf(bio_out, "%08lx\n", X509_NAME_hash_old(X509_CRL_get_issuer(x))); } #endif ! if (crl_config.lastupdate == i) { BIO_printf(bio_out, "lastUpdate="); ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x)); BIO_printf(bio_out, "\n"); } ! if (crl_config.nextupdate == i) { BIO_printf(bio_out, "nextUpdate="); if (X509_CRL_get_nextUpdate(x)) ASN1_TIME_print(bio_out, --- 351,373 ---- BIO_puts(bio_out, ""); BIO_printf(bio_out, "\n"); } ! if (cfg.hash == i) { BIO_printf(bio_out, "%08lx\n", X509_NAME_hash(X509_CRL_get_issuer(x))); } #ifndef OPENSSL_NO_MD5 ! if (cfg.hash_old == i) { BIO_printf(bio_out, "%08lx\n", X509_NAME_hash_old(X509_CRL_get_issuer(x))); } #endif ! if (cfg.lastupdate == i) { BIO_printf(bio_out, "lastUpdate="); ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x)); BIO_printf(bio_out, "\n"); } ! if (cfg.nextupdate == i) { BIO_printf(bio_out, "nextUpdate="); if (X509_CRL_get_nextUpdate(x)) ASN1_TIME_print(bio_out, *************** *** 376,382 **** BIO_printf(bio_out, "NONE"); BIO_printf(bio_out, "\n"); } ! if (crl_config.fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; --- 376,382 ---- BIO_printf(bio_out, "NONE"); BIO_printf(bio_out, "\n"); } ! if (cfg.fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; *************** *** 399,423 **** ERR_print_errors(bio_err); goto end; } ! if (crl_config.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { ! if (BIO_write_filename(out, crl_config.outfile) <= 0) { ! perror(crl_config.outfile); goto end; } } ! if (crl_config.text) X509_CRL_print(out, x); ! if (crl_config.noout) { ret = 0; goto end; } ! if (crl_config.outformat == FORMAT_ASN1) i = (int) i2d_X509_CRL_bio(out, x); ! else if (crl_config.outformat == FORMAT_PEM) i = PEM_write_bio_X509_CRL(out, x); else { BIO_printf(bio_err, --- 399,423 ---- ERR_print_errors(bio_err); goto end; } ! if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { ! if (BIO_write_filename(out, cfg.outfile) <= 0) { ! perror(cfg.outfile); goto end; } } ! if (cfg.text) X509_CRL_print(out, x); ! if (cfg.noout) { ret = 0; goto end; } ! if (cfg.outformat == FORMAT_ASN1) i = (int) i2d_X509_CRL_bio(out, x); ! else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_X509_CRL(out, x); else { BIO_printf(bio_err,