X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fasn1%2Ft_x509.c;h=454c695eb2aa43d62fb07880b730fc067c75df59;hb=d66ace9da50de58a17e7ca7eeec8ca6f5a6be189;hp=189e5bdce8fd9e369044dd218688de3839a6f796;hpb=d0c98589146d79f1059638057dad9bb80d662339;p=oweals%2Fopenssl.git

diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index 189e5bdce8..454c695eb2 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -60,17 +60,17 @@
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int X509_print_fp(FILE *fp, X509 *x)
 	{
 	return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
@@ -101,17 +101,22 @@ int X509_print(BIO *bp, X509 *x)
 int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	{
 	long l;
-	int ret=0,i,j,n;
-	char *m=NULL,*s, mlch = ' ';
+	int ret=0,i;
+	char *m=NULL,mlch = ' ';
+	int nmindent = 0;
 	X509_CINF *ci;
 	ASN1_INTEGER *bs;
 	EVP_PKEY *pkey=NULL;
 	const char *neg;
-	X509_EXTENSION *ex;
 	ASN1_STRING *str=NULL;
 
-	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE)
+	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
 			mlch = '\n';
+			nmindent = 12;
+	}
+
+	if(nmflags == X509_FLAG_COMPAT)
+		nmindent = 16;
 
 	ci=x->cert_info;
 	if(!(cflag & X509_FLAG_NO_HEADER))
@@ -160,20 +165,23 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 
 	if(!(cflag & X509_FLAG_NO_SIGNAME))
 		{
-		i=OBJ_obj2nid(ci->signature->algorithm);
-		if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","",
-			(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
+		if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) 
+			goto err;
+		if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
+			goto err;
+		if (BIO_puts(bp, "\n") <= 0)
 			goto err;
 		}
 
 	if(!(cflag & X509_FLAG_NO_ISSUER))
 		{
 		if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
-		if (!X509_NAME_print_ex(bp,X509_get_issuer_name(x),16, nmflags)) goto err;
+		if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
 		}
 	if(!(cflag & X509_FLAG_NO_VALIDITY))
 		{
-		if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
+		if (BIO_write(bp,"        Validity\n",17) <= 0) goto err;
 		if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
 		if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
 		if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
@@ -183,15 +191,19 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	if(!(cflag & X509_FLAG_NO_SUBJECT))
 		{
 		if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
-		if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
+		if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
 		}
 	if(!(cflag & X509_FLAG_NO_PUBKEY))
 		{
-		if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
+		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+			goto err;
+		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+			goto err;
+		if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+			goto err;
+		if (BIO_puts(bp, "\n") <= 0)
 			goto err;
-		i=OBJ_obj2nid(ci->key->algor->algorithm);
-		if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","",
-			(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
 
 		pkey=X509_get_pubkey(x);
 		if (pkey == NULL)
@@ -200,7 +212,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 			ERR_print_errors(bp);
 			}
 		else
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (pkey->type == EVP_PKEY_RSA)
 			{
 			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
@@ -209,7 +221,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			{
 			BIO_printf(bp,"%12sDSA Public Key:\n","");
@@ -222,48 +234,13 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 		EVP_PKEY_free(pkey);
 		}
 
-	if (cflag & X509_FLAG_NO_EXTENSIONS)
-		n = 0;
-	else
-		n=X509_get_ext_count(x);
-	if (n > 0)
-		{
-		BIO_printf(bp,"%8sX509v3 extensions:\n","");
-		for (i=0; i<n; i++)
-			{
-			ASN1_OBJECT *obj;
-			ex=X509_get_ext(x,i);
-			if (BIO_printf(bp,"%12s","") <= 0) goto err;
-			obj=X509_EXTENSION_get_object(ex);
-			i2a_ASN1_OBJECT(bp,obj);
-			j=X509_EXTENSION_get_critical(ex);
-			if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
-				goto err;
-			if(!X509V3_EXT_print(bp, ex, 0, 16))
-				{
-				BIO_printf(bp, "%16s", "");
-				M_ASN1_OCTET_STRING_print(bp,ex->value);
-				}
-			if (BIO_write(bp,"\n",1) <= 0) goto err;
-			}
-		}
+	if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+		X509V3_extensions_print(bp, "X509v3 extensions",
+					ci->extensions, cflag, 8);
 
 	if(!(cflag & X509_FLAG_NO_SIGDUMP))
 		{
-		i=OBJ_obj2nid(x->sig_alg->algorithm);
-		if (BIO_printf(bp,"%4sSignature Algorithm: %s","",
-			(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
-
-		n=x->signature->length;
-		s=(char *)x->signature->data;
-		for (i=0; i<n; i++)
-			{
-			if ((i%18) == 0)
-				if (BIO_write(bp,"\n        ",9) <= 0) goto err;
-			if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
-				((i+1) == n)?"":":") <= 0) goto err;
-			}
-		if (BIO_write(bp,"\n",1) != 1) goto err;
+		if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
 		}
 	if(!(cflag & X509_FLAG_NO_AUX))
 		{
@@ -276,6 +253,71 @@ err:
 	return(ret);
 	}
 
+int X509_ocspid_print (BIO *bp, X509 *x)
+	{
+	unsigned char *der=NULL ;
+	unsigned char *dertmp;
+	int derlen;
+	int i;
+	unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+	/* display the hash of the subject as it would appear
+	   in OCSP requests */
+	if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
+		goto err;
+	derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+	if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
+		goto err;
+	i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+	EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1());
+	for (i=0; i < SHA_DIGEST_LENGTH; i++)
+		{
+		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
+		}
+	OPENSSL_free (der);
+	der=NULL;
+
+	/* display the hash of the public key as it would appear
+	   in OCSP requests */
+	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
+		goto err;
+
+	EVP_Digest(x->cert_info->key->public_key->data,
+		x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1());
+	for (i=0; i < SHA_DIGEST_LENGTH; i++)
+		{
+		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
+			goto err;
+		}
+	BIO_printf(bp,"\n");
+
+	return (1);
+err:
+	if (der != NULL) OPENSSL_free(der);
+	return(0);
+	}
+
+int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+{
+	unsigned char *s;
+	int i, n;
+	if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;
+	if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
+
+	n=sig->length;
+	s=sig->data;
+	for (i=0; i<n; i++)
+		{
+		if ((i%18) == 0)
+			if (BIO_write(bp,"\n        ",9) <= 0) return 0;
+			if (BIO_printf(bp,"%02x%s",s[i],
+				((i+1) == n)?"":":") <= 0) return 0;
+		}
+	if (BIO_write(bp,"\n",1) != 1) return 0;
+	return 1;
+}
+
 int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
 	{
 	int i,n;
@@ -398,6 +440,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 	ll=80-2-obase;
 
 	s=X509_NAME_oneline(name,buf,256);
+	if (!*s)
+		return 1;
 	s++; /* skip the first slash */
 
 	l=ll;