1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/tsrc/topenssl/src/crl2p7.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,347 @@
1.4 +/* apps/crl2p7.c */
1.5 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
1.6 + * All rights reserved.
1.7 + *
1.8 + * This package is an SSL implementation written
1.9 + * by Eric Young (eay@cryptsoft.com).
1.10 + * The implementation was written so as to conform with Netscapes SSL.
1.11 + *
1.12 + * This library is free for commercial and non-commercial use as long as
1.13 + * the following conditions are aheared to. The following conditions
1.14 + * apply to all code found in this distribution, be it the RC4, RSA,
1.15 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
1.16 + * included with this distribution is covered by the same copyright terms
1.17 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1.18 + *
1.19 + * Copyright remains Eric Young's, and as such any Copyright notices in
1.20 + * the code are not to be removed.
1.21 + * If this package is used in a product, Eric Young should be given attribution
1.22 + * as the author of the parts of the library used.
1.23 + * This can be in the form of a textual message at program startup or
1.24 + * in documentation (online or textual) provided with the package.
1.25 + *
1.26 + * Redistribution and use in source and binary forms, with or without
1.27 + * modification, are permitted provided that the following conditions
1.28 + * are met:
1.29 + * 1. Redistributions of source code must retain the copyright
1.30 + * notice, this list of conditions and the following disclaimer.
1.31 + * 2. Redistributions in binary form must reproduce the above copyright
1.32 + * notice, this list of conditions and the following disclaimer in the
1.33 + * documentation and/or other materials provided with the distribution.
1.34 + * 3. All advertising materials mentioning features or use of this software
1.35 + * must display the following acknowledgement:
1.36 + * "This product includes cryptographic software written by
1.37 + * Eric Young (eay@cryptsoft.com)"
1.38 + * The word 'cryptographic' can be left out if the rouines from the library
1.39 + * being used are not cryptographic related :-).
1.40 + * 4. If you include any Windows specific code (or a derivative thereof) from
1.41 + * the apps directory (application code) you must include an acknowledgement:
1.42 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
1.43 + *
1.44 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
1.45 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.46 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1.47 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1.48 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1.49 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1.50 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.51 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1.52 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1.53 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1.54 + * SUCH DAMAGE.
1.55 + *
1.56 + * The licence and distribution terms for any publically available version or
1.57 + * derivative of this code cannot be changed. i.e. this code cannot simply be
1.58 + * copied and put under another distribution licence
1.59 + * [including the GNU Public Licence.]
1.60 + */
1.61 +
1.62 +/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
1.63 + * and donated 'to the cause' along with lots and lots of other fixes to
1.64 + * the library. */
1.65 +
1.66 +#include <stdio.h>
1.67 +#include <string.h>
1.68 +#include <sys/types.h>
1.69 +#include <sys/stat.h>
1.70 +#include "apps.h"
1.71 +#include <openssl/err.h>
1.72 +#include <openssl/evp.h>
1.73 +#include <openssl/x509.h>
1.74 +#include <openssl/pkcs7.h>
1.75 +#include <openssl/pem.h>
1.76 +#include <openssl/objects.h>
1.77 +
1.78 +static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
1.79 +#undef PROG
1.80 +#define PROG crl2pkcs7_main
1.81 +
1.82 +/* -inform arg - input format - default PEM (DER or PEM)
1.83 + * -outform arg - output format - default PEM
1.84 + * -in arg - input file - default stdin
1.85 + * -out arg - output file - default stdout
1.86 + */
1.87 +
1.88 +
1.89 +int MAIN(int, char **);
1.90 +
1.91 +int MAIN(int argc, char **argv)
1.92 + {
1.93 + int i,badops=0;
1.94 + BIO *in=NULL,*out=NULL;
1.95 + int informat,outformat;
1.96 + char *infile,*outfile,*prog,*certfile;
1.97 + PKCS7 *p7 = NULL;
1.98 + PKCS7_SIGNED *p7s = NULL;
1.99 + X509_CRL *crl=NULL;
1.100 + STACK *certflst=NULL;
1.101 + STACK_OF(X509_CRL) *crl_stack=NULL;
1.102 + STACK_OF(X509) *cert_stack=NULL;
1.103 + int ret=1,nocrl=0;
1.104 +
1.105 + apps_startup();
1.106 +
1.107 + if (bio_err == NULL)
1.108 + if ((bio_err=BIO_new(BIO_s_file())) != NULL)
1.109 + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
1.110 +
1.111 + infile=NULL;
1.112 + outfile=NULL;
1.113 + informat=FORMAT_PEM;
1.114 + outformat=FORMAT_PEM;
1.115 +
1.116 + prog=argv[0];
1.117 + argc--;
1.118 + argv++;
1.119 + while (argc >= 1)
1.120 + {
1.121 + if (strcmp(*argv,"-inform") == 0)
1.122 + {
1.123 + if (--argc < 1) goto bad;
1.124 + informat=str2fmt(*(++argv));
1.125 + }
1.126 + else if (strcmp(*argv,"-outform") == 0)
1.127 + {
1.128 + if (--argc < 1) goto bad;
1.129 + outformat=str2fmt(*(++argv));
1.130 + }
1.131 + else if (strcmp(*argv,"-in") == 0)
1.132 + {
1.133 + if (--argc < 1) goto bad;
1.134 + infile= *(++argv);
1.135 + }
1.136 + else if (strcmp(*argv,"-nocrl") == 0)
1.137 + {
1.138 + nocrl=1;
1.139 + }
1.140 + else if (strcmp(*argv,"-out") == 0)
1.141 + {
1.142 + if (--argc < 1) goto bad;
1.143 + outfile= *(++argv);
1.144 + }
1.145 + else if (strcmp(*argv,"-certfile") == 0)
1.146 + {
1.147 + if (--argc < 1) goto bad;
1.148 + if(!certflst) certflst = sk_new_null();
1.149 + sk_push(certflst,*(++argv));
1.150 + }
1.151 + else
1.152 + {
1.153 + BIO_printf(bio_err,"unknown option %s\n",*argv);
1.154 + badops=1;
1.155 + break;
1.156 + }
1.157 + argc--;
1.158 + argv++;
1.159 + }
1.160 +
1.161 + if (badops)
1.162 + {
1.163 +bad:
1.164 + BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
1.165 + BIO_printf(bio_err,"where options are\n");
1.166 + BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
1.167 + BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
1.168 + BIO_printf(bio_err," -in arg input file\n");
1.169 + BIO_printf(bio_err," -out arg output file\n");
1.170 + BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
1.171 + BIO_printf(bio_err," (can be used more than once)\n");
1.172 + BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
1.173 + ret = 1;
1.174 + goto end;
1.175 + }
1.176 +
1.177 + ERR_load_crypto_strings();
1.178 +
1.179 + in=BIO_new(BIO_s_file());
1.180 + out=BIO_new(BIO_s_file());
1.181 + if ((in == NULL) || (out == NULL))
1.182 + {
1.183 + ERR_print_errors(bio_err);
1.184 + goto end;
1.185 + }
1.186 +
1.187 + if (!nocrl)
1.188 + {
1.189 + if (infile == NULL)
1.190 + BIO_set_fp(in,stdin,BIO_NOCLOSE);
1.191 +
1.192 + else
1.193 + {
1.194 + if (BIO_read_filename(in,infile) <= 0)
1.195 + {
1.196 + perror(infile);
1.197 + goto end;
1.198 + }
1.199 + }
1.200 +
1.201 + if (informat == FORMAT_ASN1)
1.202 + crl=d2i_X509_CRL_bio(in,NULL);
1.203 + else if (informat == FORMAT_PEM)
1.204 + crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
1.205 + else {
1.206 + BIO_printf(bio_err,"bad input format specified for input crl\n");
1.207 + goto end;
1.208 + }
1.209 + if (crl == NULL)
1.210 + {
1.211 + BIO_printf(bio_err,"unable to load CRL\n");
1.212 + ERR_print_errors(bio_err);
1.213 + goto end;
1.214 + }
1.215 + }
1.216 +
1.217 + if ((p7=PKCS7_new()) == NULL) goto end;
1.218 + if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
1.219 + p7->type=OBJ_nid2obj(NID_pkcs7_signed);
1.220 + p7->d.sign=p7s;
1.221 + p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
1.222 +
1.223 + if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
1.224 + if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
1.225 + p7s->crl=crl_stack;
1.226 + if (crl != NULL)
1.227 + {
1.228 + sk_X509_CRL_push(crl_stack,crl);
1.229 + crl=NULL; /* now part of p7 for OPENSSL_freeing */
1.230 + }
1.231 +
1.232 + if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
1.233 + p7s->cert=cert_stack;
1.234 +
1.235 + if(certflst) for(i = 0; i < sk_num(certflst); i++) {
1.236 + certfile = sk_value(certflst, i);
1.237 + if (add_certs_from_file(cert_stack,certfile) < 0)
1.238 + {
1.239 + BIO_printf(bio_err, "error loading certificates\n");
1.240 + ERR_print_errors(bio_err);
1.241 + goto end;
1.242 + }
1.243 + }
1.244 +
1.245 + sk_free(certflst);
1.246 +
1.247 + if (outfile == NULL)
1.248 + {
1.249 + BIO_set_fp(out,stdout,BIO_NOCLOSE);
1.250 +#ifdef OPENSSL_SYS_VMS
1.251 + {
1.252 + BIO *tmpbio = BIO_new(BIO_f_linebuffer());
1.253 + out = BIO_push(tmpbio, out);
1.254 + }
1.255 +#endif
1.256 + }
1.257 + else
1.258 + {
1.259 + if (BIO_write_filename(out,outfile) <= 0)
1.260 + {
1.261 + perror(outfile);
1.262 + goto end;
1.263 + }
1.264 + }
1.265 +
1.266 + if (outformat == FORMAT_ASN1)
1.267 + i=i2d_PKCS7_bio(out,p7);
1.268 + else if (outformat == FORMAT_PEM)
1.269 + i=PEM_write_bio_PKCS7(out,p7);
1.270 + else {
1.271 + BIO_printf(bio_err,"bad output format specified for outfile\n");
1.272 + goto end;
1.273 + }
1.274 + if (!i)
1.275 + {
1.276 + BIO_printf(bio_err,"unable to write pkcs7 object\n");
1.277 + ERR_print_errors(bio_err);
1.278 + goto end;
1.279 + }
1.280 + ret=0;
1.281 +end:
1.282 + if (in != NULL) BIO_free(in);
1.283 + if (out != NULL) BIO_free_all(out);
1.284 + if (p7 != NULL) PKCS7_free(p7);
1.285 + if (crl != NULL) X509_CRL_free(crl);
1.286 +
1.287 + apps_shutdown();
1.288 + OPENSSL_EXIT(ret);
1.289 + }
1.290 +
1.291 +/*
1.292 + *----------------------------------------------------------------------
1.293 + * int add_certs_from_file
1.294 + *
1.295 + * Read a list of certificates to be checked from a file.
1.296 + *
1.297 + * Results:
1.298 + * number of certs added if successful, -1 if not.
1.299 + *----------------------------------------------------------------------
1.300 + */
1.301 +static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
1.302 + {
1.303 + struct stat st;
1.304 + BIO *in=NULL;
1.305 + int count=0;
1.306 + int ret= -1;
1.307 + STACK_OF(X509_INFO) *sk=NULL;
1.308 + X509_INFO *xi;
1.309 +
1.310 + if ((stat(certfile,&st) != 0))
1.311 + {
1.312 + BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
1.313 + goto end;
1.314 + }
1.315 +
1.316 + in=BIO_new(BIO_s_file());
1.317 + if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
1.318 + {
1.319 + BIO_printf(bio_err,"error opening the file, %s\n",certfile);
1.320 + goto end;
1.321 + }
1.322 +
1.323 + /* This loads from a file, a stack of x509/crl/pkey sets */
1.324 + sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL);
1.325 + if (sk == NULL) {
1.326 + BIO_printf(bio_err,"error reading the file, %s\n",certfile);
1.327 + goto end;
1.328 + }
1.329 +
1.330 + /* scan over it and pull out the CRL's */
1.331 + while (sk_X509_INFO_num(sk))
1.332 + {
1.333 + xi=sk_X509_INFO_shift(sk);
1.334 + if (xi->x509 != NULL)
1.335 + {
1.336 + sk_X509_push(stack,xi->x509);
1.337 + xi->x509=NULL;
1.338 + count++;
1.339 + }
1.340 + X509_INFO_free(xi);
1.341 + }
1.342 +
1.343 + ret=count;
1.344 +end:
1.345 + /* never need to OPENSSL_free x */
1.346 + if (in != NULL) BIO_free(in);
1.347 + if (sk != NULL) sk_X509_INFO_free(sk);
1.348 + return(ret);
1.349 + }
1.350 +