From d0c98589146d79f1059638057dad9bb80d662339 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 4 Oct 2000 01:16:32 +0000 Subject: [PATCH] Global DirectoryString mask fix. Add support for X509_NAME_print_ex() in req. Initial code for cutomizable X509 print routines. --- CHANGES | 5 + apps/req.c | 20 +++- crypto/asn1/a_strex.c | 12 +++ crypto/asn1/a_strnid.c | 2 +- crypto/asn1/t_x509.c | 205 +++++++++++++++++++++++++---------------- crypto/x509/x509.h | 17 ++++ 6 files changed, 180 insertions(+), 81 deletions(-) diff --git a/CHANGES b/CHANGES index 8643bda1c4..aeea390f77 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Fix for bug in DirectoryString mask setting. Add support for + X509_NAME_print_ex() in 'req' and initial X509_print_ex() function + to allow certificate printing to more controllable. + [Steve Henson] + *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] diff --git a/apps/req.c b/apps/req.c index 1aab38d9d7..4d707e83ed 100644 --- a/apps/req.c +++ b/apps/req.c @@ -143,6 +143,7 @@ int MAIN(int argc, char **argv) #ifndef NO_DSA DSA *dsa_params=NULL; #endif + unsigned long nmflag = 0; int ex=1,x509=0,days=30; X509 *x509ss=NULL; X509_REQ *req=NULL; @@ -150,7 +151,7 @@ int MAIN(int argc, char **argv) int i,badops=0,newreq=0,newkey= -1,pkey_type=0; BIO *in=NULL,*out=NULL; int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; - int nodes=0,kludge=0,newhdr=0; + int nodes=0,kludge=0,newhdr=0,subject=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; char *extensions = NULL; char *req_exts = NULL; @@ -322,6 +323,13 @@ int MAIN(int argc, char **argv) nodes=1; else if (strcmp(*argv,"-noout") == 0) noout=1; + else if (strcmp(*argv,"-nameopt") == 0) + { + if (--argc < 1) goto bad; + if (!set_name_ex(&nmflag, *(++argv))) goto bad; + } + else if (strcmp(*argv,"-subject") == 0) + subject=1; else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-x509") == 0) @@ -803,7 +811,7 @@ loop: BIO_printf(bio_err,"verify OK\n"); } - if (noout && !text && !modulus) + if (noout && !text && !modulus && !subject) { ex=0; goto end; @@ -840,6 +848,14 @@ loop: X509_REQ_print(out,req); } + if(subject) + { + if(x509) + print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag); + else + print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag); + } + if (modulus) { EVP_PKEY *pubkey; diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 569b811998..5335538ae0 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -491,12 +491,24 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) { + if(flags == XN_FLAG_COMPAT) + return X509_NAME_print(out, nm, indent); return do_name_ex(send_bio_chars, out, nm, indent, flags); } int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) { + if(flags == XN_FLAG_COMPAT) + { + BIO *btmp; + int ret; + btmp = BIO_new_fp(fp, BIO_NOCLOSE); + if(!btmp) return -1; + ret = X509_NAME_print(btmp, nm, indent); + BIO_free(btmp); + return ret; + } return do_name_ex(send_fp_chars, fp, nm, indent, flags); } diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 6b10cff994..732e68fe46 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -133,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, if(tbl) { mask = tbl->mask; if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; - ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask, + ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, tbl->minsize, tbl->maxsize); } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); if(ret <= 0) return NULL; diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 314bdfb1c7..189e5bdce8 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -72,6 +72,11 @@ #ifndef NO_FP_API int X509_print_fp(FILE *fp, X509 *x) + { + return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); + } + +int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag) { BIO *b; int ret; @@ -82,17 +87,22 @@ int X509_print_fp(FILE *fp, X509 *x) return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=X509_print(b, x); + ret=X509_print_ex(b, x, nmflag, cflag); BIO_free(b); return(ret); } #endif int X509_print(BIO *bp, X509 *x) +{ + return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +} + +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) { long l; int ret=0,i,j,n; - char *m=NULL,*s; + char *m=NULL,*s, mlch = ' '; X509_CINF *ci; ASN1_INTEGER *bs; EVP_PKEY *pkey=NULL; @@ -100,89 +110,122 @@ int X509_print(BIO *bp, X509 *x) X509_EXTENSION *ex; ASN1_STRING *str=NULL; + if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) + mlch = '\n'; + ci=x->cert_info; - if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; - if (BIO_write(bp," Data:\n",10) <= 0) goto err; - l=X509_get_version(x); - if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; - if (BIO_write(bp," Serial Number:",22) <= 0) goto err; - - bs=X509_get_serialNumber(x); - if (bs->length <= 4) + if(!(cflag & X509_FLAG_NO_HEADER)) { - l=ASN1_INTEGER_get(bs); - if (l < 0) - { - l= -l; - neg="-"; - } - else - neg=""; - if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) - goto err; + if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; + if (BIO_write(bp," Data:\n",10) <= 0) goto err; } - else + if(!(cflag & X509_FLAG_NO_VERSION)) + { + l=X509_get_version(x); + if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; + } + if(!(cflag & X509_FLAG_NO_SERIAL)) { - neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; - if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; - for (i=0; ilength; i++) + if (BIO_write(bp," Serial Number:",22) <= 0) goto err; + + bs=X509_get_serialNumber(x); + if (bs->length <= 4) { - if (BIO_printf(bp,"%02x%c",bs->data[i], - ((i+1 == bs->length)?'\n':':')) <= 0) + l=ASN1_INTEGER_get(bs); + if (l < 0) + { + l= -l; + neg="-"; + } + else + neg=""; + if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) goto err; } + else + { + neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; + if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; + + for (i=0; ilength; i++) + { + if (BIO_printf(bp,"%02x%c",bs->data[i], + ((i+1 == bs->length)?'\n':':')) <= 0) + goto err; + } + } + } - i=OBJ_obj2nid(ci->signature->algorithm); - if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) - goto err; - - if (BIO_write(bp," Issuer: ",16) <= 0) goto err; - if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err; - if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err; - if (BIO_write(bp," Not Before: ",24) <= 0) goto err; - if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; - if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; - if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; - if (BIO_write(bp,"\n Subject: ",18) <= 0) goto err; - if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err; - if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0) - goto err; - i=OBJ_obj2nid(ci->key->algor->algorithm); - if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; - - pkey=X509_get_pubkey(x); - if (pkey == NULL) + if(!(cflag & X509_FLAG_NO_SIGNAME)) { - BIO_printf(bp,"%12sUnable to load Public Key\n",""); - ERR_print_errors(bp); + i=OBJ_obj2nid(ci->signature->algorithm); + if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) + goto err; } - else -#ifndef NO_RSA - if (pkey->type == EVP_PKEY_RSA) + + if(!(cflag & X509_FLAG_NO_ISSUER)) { - BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", - BN_num_bits(pkey->pkey.rsa->n)); - RSA_print(bp,pkey->pkey.rsa,16); + if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err; + if (!X509_NAME_print_ex(bp,X509_get_issuer_name(x),16, nmflags)) goto err; } - else -#endif -#ifndef NO_DSA - if (pkey->type == EVP_PKEY_DSA) + if(!(cflag & X509_FLAG_NO_VALIDITY)) { - BIO_printf(bp,"%12sDSA Public Key:\n",""); - DSA_print(bp,pkey->pkey.dsa,16); + if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err; + if (BIO_write(bp," Not Before: ",24) <= 0) goto err; + if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; + if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; + if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; + if (BIO_write(bp,"\n",1) <= 0) goto err; } - else + if(!(cflag & X509_FLAG_NO_SUBJECT)) + { + if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; + if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err; + } + if(!(cflag & X509_FLAG_NO_PUBKEY)) + { + if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0) + goto err; + i=OBJ_obj2nid(ci->key->algor->algorithm); + if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; + + pkey=X509_get_pubkey(x); + if (pkey == NULL) + { + BIO_printf(bp,"%12sUnable to load Public Key\n",""); + ERR_print_errors(bp); + } + else +#ifndef NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { + BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", + BN_num_bits(pkey->pkey.rsa->n)); + RSA_print(bp,pkey->pkey.rsa,16); + } + else +#endif +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + { + BIO_printf(bp,"%12sDSA Public Key:\n",""); + DSA_print(bp,pkey->pkey.dsa,16); + } + else #endif - BIO_printf(bp,"%12sUnknown Public Key:\n",""); + BIO_printf(bp,"%12sUnknown Public Key:\n",""); - EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey); + } - n=X509_get_ext_count(x); + if (cflag & X509_FLAG_NO_EXTENSIONS) + n = 0; + else + n=X509_get_ext_count(x); if (n > 0) { BIO_printf(bp,"%8sX509v3 extensions:\n",""); @@ -205,21 +248,27 @@ int X509_print(BIO *bp, X509 *x) } } - i=OBJ_obj2nid(x->sig_alg->algorithm); - if (BIO_printf(bp,"%4sSignature Algorithm: %s","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; + if(!(cflag & X509_FLAG_NO_SIGDUMP)) + { + i=OBJ_obj2nid(x->sig_alg->algorithm); + if (BIO_printf(bp,"%4sSignature Algorithm: %s","", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; - n=x->signature->length; - s=(char *)x->signature->data; - for (i=0; isignature->length; + s=(char *)x->signature->data; + for (i=0; iaux, 0)) goto err; } - if (BIO_write(bp,"\n",1) != 1) goto err; - if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err; ret=1; err: if (str != NULL) ASN1_STRING_free(str); diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 813c8adffd..6b053359b7 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -320,6 +320,21 @@ DECLARE_STACK_OF(X509_TRUST) #define X509_TRUST_REJECTED 2 #define X509_TRUST_UNTRUSTED 3 +/* Flags for X509_print_ex() */ + +#define X509_FLAG_COMPAT 0 +#define X509_FLAG_NO_HEADER 1L +#define X509_FLAG_NO_VERSION (1L << 1) +#define X509_FLAG_NO_SERIAL (1L << 2) +#define X509_FLAG_NO_SIGNAME (1L << 3) +#define X509_FLAG_NO_ISSUER (1L << 4) +#define X509_FLAG_NO_VALIDITY (1L << 5) +#define X509_FLAG_NO_SUBJECT (1L << 6) +#define X509_FLAG_NO_PUBKEY (1L << 7) +#define X509_FLAG_NO_EXTENSIONS (1L << 8) +#define X509_FLAG_NO_SIGDUMP (1L << 9) +#define X509_FLAG_NO_AUX (1L << 10) + /* Flags specific to X509_NAME_print_ex() */ /* The field separator information */ @@ -1034,6 +1049,7 @@ unsigned long X509_NAME_hash(X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); #ifndef NO_FP_API +int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print_fp(FILE *bp,X509 *x); int X509_CRL_print_fp(FILE *bp,X509_CRL *x); int X509_REQ_print_fp(FILE *bp,X509_REQ *req); @@ -1043,6 +1059,7 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long fla #ifndef NO_BIO int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); +int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print(BIO *bp,X509 *x); int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); int X509_CRL_print(BIO *bp,X509_CRL *x); -- 2.25.1