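/*
 * Build a CRL entry for serial number `bn`, revoked at time `t`, with
 * revocation reason `reason`.
 *
 * L is accepted for signature compatibility and is not used.
 *
 * Returns a new X509_REVOKED owned by the caller, or NULL when an
 * allocation or one of the setters fails (nothing is leaked in that case).
 */
static X509_REVOKED *create_revoked(lua_State*L, const BIGNUM* bn, time_t t, int reason)
{
  X509_REVOKED *revoked = X509_REVOKED_new();
  ASN1_TIME *tm = ASN1_TIME_new();
  ASN1_INTEGER *it = BN_to_ASN1_INTEGER((BIGNUM*)bn, NULL);
  int ok = 0;

  (void)L;

  /* Any failed allocation makes the entry unusable; bail out before use. */
  if (revoked == NULL || tm == NULL || it == NULL)
    goto done;

  if (ASN1_TIME_set(tm, t) == NULL)
    goto done;
  if (!X509_REVOKED_set_revocationDate(revoked, tm) ||
      !X509_REVOKED_set_serialNumber(revoked, it))
    goto done;

#if OPENSSL_VERSION_NUMBER > 0x10000000L
  /*
   * NOTE(review): this only assigns the in-memory field. crl_set_issuers()
   * derives that field from the NID_crl_reason entry extension when a CRL
   * is decoded, so confirm the reason also reaches the encoded CRL (for
   * example by adding the extension as the legacy branch below does).
   */
  revoked->reason = reason;
  ok = 1;
#else
  {
    ASN1_ENUMERATED *e = ASN1_ENUMERATED_new();

    /*
     * X509_REVOKED_add1_ext_i2d() DER-encodes the ENUMERATED into the
     * extension value. Copying the ASN1_ENUMERATED with
     * X509_EXTENSION_set_data() would store only its raw content bytes,
     * which a verifier cannot decode as a reason code.
     */
    if (e != NULL && ASN1_ENUMERATED_set(e, reason) &&
        X509_REVOKED_add1_ext_i2d(revoked, NID_crl_reason, e, 0, 0) == 1)
      ok = 1;
    ASN1_ENUMERATED_free(e);
  }
#endif

done:
  ASN1_TIME_free(tm);
  ASN1_INTEGER_free(it);
  if (!ok)
  {
    X509_REVOKED_free(revoked);
    revoked = NULL;
  }
  return revoked;
}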
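/*
 * Build a CRL entry for serial number `bn`, revoked at time `t`, carrying
 * `reason` as its CRL reason-code entry extension.
 *
 * Returns a new X509_REVOKED owned by the caller, or NULL when an
 * allocation or one of the setters fails (nothing is leaked in that case).
 */
static X509_REVOKED *create_revoked(const BIGNUM* bn, time_t t, int reason)
{
  X509_REVOKED *revoked = X509_REVOKED_new();
  ASN1_TIME *tm = ASN1_TIME_new();
  ASN1_INTEGER *it = BN_to_ASN1_INTEGER(bn, NULL);
  ASN1_ENUMERATED *e = ASN1_ENUMERATED_new();
  int ok = 0;

  /* Any failed allocation makes the entry unusable; bail out before use. */
  if (revoked == NULL || tm == NULL || it == NULL || e == NULL)
    goto done;

  if (ASN1_TIME_set(tm, t) == NULL)
    goto done;
  if (!X509_REVOKED_set_revocationDate(revoked, tm) ||
      !X509_REVOKED_set_serialNumber(revoked, it))
    goto done;
  if (!ASN1_ENUMERATED_set(e, reason))
    goto done;

  /*
   * X509_REVOKED_add1_ext_i2d() DER-encodes the ENUMERATED into the
   * extension value. Copying the ASN1_ENUMERATED with
   * X509_EXTENSION_set_data() would store only its raw content bytes,
   * which a verifier cannot decode as a reason code.
   */
  if (X509_REVOKED_add1_ext_i2d(revoked, NID_crl_reason, e, 0, 0) != 1)
    goto done;

  ok = 1;

done:
  ASN1_ENUMERATED_free(e);
  ASN1_TIME_free(tm);
  ASN1_INTEGER_free(it);
  if (!ok)
  {
    X509_REVOKED_free(revoked);
    revoked = NULL;
  }
  return revoked;
}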
/*
 * Lua binding: describe one revoked-certificate entry.
 *
 * Argument 1 is an "openssl.x509_revoked" object. Pushes a table with the
 * fields "reason", "serialNumber" and "revocationDate", plus "extensions"
 * when the entry carries any. Always returns 1 (the table).
 */
static int openssl_revoked_info(lua_State* L)
{
  X509_REVOKED* entry = CHECK_OBJECT(1, X509_REVOKED, "openssl.x509_revoked");

  lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
  AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(entry->reason), string);
#else
  {
    /* Older library: decode the reason from the entry's extension. */
    int critical = 0;
    void* code = X509_REVOKED_get_ext_d2i(entry, NID_crl_reason, &critical, NULL);

    AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(code)), string);
    ASN1_ENUMERATED_free(code);
  }
#endif

  PUSH_ASN1_INTEGER(L, entry->serialNumber);
  lua_setfield(L, -2, "serialNumber");

  PUSH_ASN1_TIME(L, entry->revocationDate);
  lua_setfield(L, -2, "revocationDate");

  /* The extensions field is only present when the entry has a stack. */
  if (entry->extensions != NULL)
  {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, entry->extensions);
    lua_rawset(L, -3);
  }

  return 1;
}
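/*
 * Lua binding: look up one revoked entry of a CRL.
 *
 * Argument 1 is an "openssl.x509_crl" object. Argument 2 is either a
 * zero-based integer index or an "openssl.asn1_integer" serial number.
 * Pushes a table ("code", "reason", "serialNumber", "revocationDate" and
 * optionally "extensions"), or nil when no entry has that serial number.
 * An integer index outside the list raises an "Out of range" argument error.
 */
static LUA_FUNCTION(openssl_crl_get)
{
  X509_CRL * crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  int i = 0;
  X509_REVOKED *revoked = NULL;

  if (lua_isinteger(L, 2))
  {
    int cnt = sk_X509_REVOKED_num(crl->crl->revoked);

    /*
     * Range-check the full-width Lua integer before narrowing it to int;
     * otherwise a large script-supplied value could wrap into the valid
     * range and select the wrong entry.
     */
    luaL_argcheck(L, (lua_tointeger(L, 2) >= 0 && lua_tointeger(L, 2) < cnt), 2, "Out of range");
    i = (int)lua_tointeger(L, 2);
    revoked = sk_X509_REVOKED_value(crl->crl->revoked, i);
  }
  else
  {
    ASN1_STRING *sn = CHECK_OBJECT(2, ASN1_STRING, "openssl.asn1_integer");
    int cnt = sk_X509_REVOKED_num(crl->crl->revoked);

    /* Linear search for the first entry with a matching serial number. */
    for (i = 0; i < cnt; i++)
    {
      X509_REVOKED *rev = sk_X509_REVOKED_value(crl->crl->revoked, i);
      if (ASN1_STRING_cmp(rev->serialNumber, sn) == 0)
      {
        revoked = rev;
        break;
      }
    }
  }

  if (revoked)
  {
    lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
    AUXILIAR_SET(L, -1, "code", revoked->reason, number);
    AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(revoked->reason), string);
#else
    {
      int crit = 0;
      void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);

      AUXILIAR_SET(L, -1, "code", ASN1_ENUMERATED_get(reason), number);
      AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(reason)), string);
      ASN1_ENUMERATED_free(reason);
    }
#endif

    PUSH_ASN1_INTEGER(L, revoked->serialNumber);
    lua_setfield(L, -2, "serialNumber");

    PUSH_ASN1_TIME(L, revoked->revocationDate);
    lua_setfield(L, -2, "revocationDate");

    /*
     * NOTE(review): this exports the CRL-level extensions into the entry
     * table, whereas openssl_revoked_info() exports revoked->extensions.
     * Confirm which one callers are meant to see.
     */
    if (crl->crl->extensions)
    {
      lua_pushstring(L, "extensions");
      openssl_sk_x509_extension_totable(L, crl->crl->extensions);
      lua_rawset(L, -3);
    }
  }
  else
    lua_pushnil(L);

  return 1;
}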
/*
 * Return the CRL reason code stored in a revoked entry's NID_crl_reason
 * extension, or CRL_REASON_NONE when the lookup reports -1 through its
 * criticality out-parameter.
 *
 * NOTE(review): for any other lookup outcome the decoded pointer is passed
 * to ASN1_ENUMERATED_get() without a NULL check - confirm that a failed
 * decode is meant to be reported through that call's return value.
 */
static int openssl_x509_revoked_get_reason(X509_REVOKED *revoked)
{
  int critical = 0;
  int code;
  ASN1_ENUMERATED *ext = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &critical, NULL);

  if (critical == -1)
    code = CRL_REASON_NONE;
  else
    code = ASN1_ENUMERATED_get(ext);

  /* The decoded value belongs to us, so release it before returning. */
  ASN1_ENUMERATED_free(ext);
  return code;
}
/*
 * Decode a DER-encoded ENUMERATED of `length` bytes at `der` into a Ruby
 * number.
 *
 * Raises eASN1Error when the bytes do not decode. The conversion runs under
 * rb_protect() so the decoded object is freed before any Ruby exception
 * raised by the conversion is re-thrown.
 */
static VALUE decode_enum(unsigned char* der, int length)
{
    const unsigned char *cursor = der;
    int state = 0;
    VALUE num;
    ASN1_ENUMERATED *parsed = d2i_ASN1_ENUMERATED(NULL, &cursor, length);

    if (parsed == NULL)
        ossl_raise(eASN1Error, NULL);

    num = rb_protect((VALUE(*)_((VALUE)))asn1integer_to_num, (VALUE)parsed, &state);
    ASN1_ENUMERATED_free(parsed);

    /* Non-zero state means the protected call raised; propagate it now. */
    if (state != 0)
        rb_jump_tag(state);

    return num;
}
/*
 * Convert a BIGNUM into an ASN1_ENUMERATED.
 *
 * When `ai` is non-NULL it is reused as the destination; otherwise a new
 * object is allocated. Returns the destination, or NULL on failure (a
 * freshly allocated destination is freed, a caller-supplied one is not).
 */
ASN1_ENUMERATED *
BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
{
	ASN1_ENUMERATED *out = (ai != NULL) ? ai : ASN1_ENUMERATED_new();
	int bits, need;

	if (out == NULL) {
		ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR);
		goto err;
	}

	/* The sign is carried in the type tag, the magnitude in the data. */
	out->type = BN_is_negative(bn) ? V_ASN1_NEG_ENUMERATED : V_ASN1_ENUMERATED;

	bits = BN_num_bits(bn);
	need = (bits == 0) ? 0 : ((bits / 8) + 1);

	/* Grow the data buffer when the current length is below need + 4. */
	if (out->length < need + 4) {
		unsigned char *grown = realloc(out->data, need + 4);

		if (grown == NULL) {
			ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		out->data = grown;
	}

	out->length = BN_bn2bin(bn, out->data);

	/* Zero is written as a single 0x00 byte rather than an empty value. */
	if (out->length == 0) {
		out->data[0] = 0;
		out->length = 1;
	}
	return (out);

err:
	if (out != ai)
		ASN1_ENUMERATED_free(out);
	return (NULL);
}
/*
 * Lua binding: fetch the revoked entry at a zero-based index of a CRL.
 *
 * Argument 1 is an "openssl.x509_crl" object, argument 2 the index.
 * Pushes a table ("reason", "serialNumber", "revocationDate" and optionally
 * "extensions"), or nil when the index is outside the list.
 */
static LUA_FUNCTION(openssl_crl_get)
{
  X509_CRL * crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  int idx = luaL_checkint(L, 2);
  X509_REVOKED *entry;

  /* Out-of-range indexes yield nil rather than an error. */
  if (idx < 0 || idx >= sk_X509_REVOKED_num(crl->crl->revoked))
  {
    lua_pushnil(L);
    return 1;
  }

  entry = sk_X509_REVOKED_value(crl->crl->revoked, idx);
  lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
  AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(entry->reason), string);
#else
  {
    int critical = 0;
    void* code = X509_REVOKED_get_ext_d2i(entry, NID_crl_reason, &critical, NULL);

    AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(code)), string);
    ASN1_ENUMERATED_free(code);
  }
#endif

  PUSH_ASN1_INTEGER(L, entry->serialNumber);
  lua_setfield(L, -2, "serialNumber");

  PUSH_ASN1_TIME(L, entry->revocationDate);
  lua_setfield(L, -2, "revocationDate");

  /*
   * NOTE(review): the table describes one entry, but the extensions
   * exported here are the CRL-level ones (crl->crl->extensions), not the
   * entry's own. Confirm this is intended.
   */
  if (crl->crl->extensions != NULL)
  {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, crl->crl->extensions);
    lua_rawset(L, -3);
  }

  return 1;
}
/*
 * Recursively print a human-readable dump of the BER/DER elements found in
 * the `length` bytes starting at *pp.
 *
 *   bp      output BIO
 *   pp      in/out cursor; set to the position reached on every exit
 *           through the `end` label
 *   length  number of bytes available at *pp
 *   offset  offset of *pp within the outermost buffer, used for the printed
 *           position column
 *   depth   current nesting level; the call fails once it exceeds
 *           ASN1_PARSE_MAXDEPTH
 *   indent  when non-zero, `depth` is passed to asn1_print_info()
 *   dump    controls the raw dump of unknown/unprintable content: 0 disables
 *           it, -1 dumps everything, any other value caps the dumped bytes
 *
 * Returns 0 on error, 1 on success and 2 when a universal end-of-contents
 * element was consumed.
 */
static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, int depth, int indent, int dump)
{
    const unsigned char *p, *ep, *tot, *op, *opp;
    long len;
    int tag, xclass, ret = 0;
    int nl, hl, j, r;
    ASN1_OBJECT *o = NULL;
    ASN1_OCTET_STRING *os = NULL;
    /* ASN1_BMPSTRING *bmp=NULL; */
    int dump_indent, dump_cont = 0;

    /* Bound the recursion so deeply nested input cannot exhaust the stack. */
    if (depth > ASN1_PARSE_MAXDEPTH) {
        BIO_puts(bp, "BAD RECURSION DEPTH\n");
        return 0;
    }

    dump_indent = 6; /* Because we know BIO_dump_indent() */
    p = *pp;
    tot = p + length;
    while (length > 0) {
        op = p;
        j = ASN1_get_object(&p, &len, &tag, &xclass, length);
        /* Bit 0x80 in the result is treated as a header decoding error. */
        if (j & 0x80) {
            if (BIO_write(bp, "Error in encoding\n", 18) <= 0)
                goto end;
            ret = 0;
            goto end;
        }
        /* hl is the header length: bytes consumed by tag and length. */
        hl = (p - op);
        length -= hl;
        /*
         * if j == 0x21 it is a constructed indefinite length object
         */
        if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp)) <= 0)
            goto end;

        if (j != (V_ASN1_CONSTRUCTED | 1)) {
            if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ", depth, (long)hl, len) <= 0)
                goto end;
        } else {
            if (BIO_printf(bp, "d=%-2d hl=%ld l=inf ", depth, (long)hl) <= 0)
                goto end;
        }
        if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
            goto end;
        if (j & V_ASN1_CONSTRUCTED) {
            const unsigned char *sp = p;

            ep = p + len;
            if (BIO_write(bp, "\n", 1) <= 0)
                goto end;
            /* A child may not claim more bytes than its parent has left. */
            if (len > length) {
                BIO_printf(bp, "length is greater than %ld\n", length);
                ret = 0;
                goto end;
            }
            if ((j == 0x21) && (len == 0)) {
                /*
                 * Indefinite length: parse children until one of them
                 * reports end-of-contents (2) or the buffer is used up,
                 * then derive len from how far the cursor moved.
                 */
                for (;;) {
                    r = asn1_parse2(bp, &p, (long)(tot - p), offset + (p - *pp), depth + 1, indent, dump);
                    if (r == 0) {
                        ret = 0;
                        goto end;
                    }
                    if ((r == 2) || (p >= tot)) {
                        len = p - sp;
                        break;
                    }
                }
            } else {
                /*
                 * Definite length: tmp tracks the bytes still unread in
                 * this element, so each child is only handed what remains.
                 */
                long tmp = len;

                while (p < ep) {
                    sp = p;
                    r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1, indent, dump);
                    if (r == 0) {
                        ret = 0;
                        goto end;
                    }
                    tmp -= p - sp;
                }
            }
        } else if (xclass != 0) {
            /* Primitive element outside the universal class: skip content. */
            p += len;
            if (BIO_write(bp, "\n", 1) <= 0)
                goto end;
        } else {
            /* nl records whether this element's line was already ended. */
            nl = 0;
            if ((tag == V_ASN1_PRINTABLESTRING) || (tag == V_ASN1_T61STRING) || (tag == V_ASN1_IA5STRING) || (tag == V_ASN1_VISIBLESTRING) || (tag == V_ASN1_NUMERICSTRING) || (tag == V_ASN1_UTF8STRING) || (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) {
                /* String and time types: the content bytes are written as-is. */
                if (BIO_write(bp, ":", 1) <= 0)
                    goto end;
                if ((len > 0) && BIO_write(bp, (const char *)p, (int)len) != (int)len)
                    goto end;
            } else if (tag == V_ASN1_OBJECT) {
                /* Re-decode from the element start (header included). */
                opp = op;
                if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) {
                    if (BIO_write(bp, ":", 1) <= 0)
                        goto end;
                    i2a_ASN1_OBJECT(bp, o);
                } else {
                    if (BIO_puts(bp, ":BAD OBJECT") <= 0)
                        goto end;
                    dump_cont = 1;
                }
            } else if (tag == V_ASN1_BOOLEAN) {
                if (len != 1) {
                    if (BIO_puts(bp, ":BAD BOOLEAN") <= 0)
                        goto end;
                    dump_cont = 1;
                }
                /* Only read the value byte when there is one. */
                if (len > 0)
                    BIO_printf(bp, ":%u", p[0]);
            } else if (tag == V_ASN1_BMPSTRING) {
                /* do the BMP thang */
            } else if (tag == V_ASN1_OCTET_STRING) {
                int i, printable = 1;

                opp = op;
                os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl);
                if (os != NULL && os->length > 0) {
                    opp = os->data;
                    /*
                     * testing whether the octet string is printable
                     */
                    for (i = 0; i < os->length; i++) {
                        if (((opp[i] < ' ') && (opp[i] != '\n') && (opp[i] != '\r') && (opp[i] != '\t')) || (opp[i] > '~')) {
                            printable = 0;
                            break;
                        }
                    }
                    if (printable)
                        /* printable string */
                    {
                        if (BIO_write(bp, ":", 1) <= 0)
                            goto end;
                        if (BIO_write(bp, (const char *)opp, os->length) <= 0)
                            goto end;
                    } else if (!dump)
                        /*
                         * not printable => print octet string as hex dump
                         */
                    {
                        if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0)
                            goto end;
                        for (i = 0; i < os->length; i++) {
                            if (BIO_printf(bp, "%02X", opp[i]) <= 0)
                                goto end;
                        }
                    } else
                        /* print the normal dump */
                    {
                        if (!nl) {
                            if (BIO_write(bp, "\n", 1) <= 0)
                                goto end;
                        }
                        if (BIO_dump_indent(bp, (const char *)opp, ((dump == -1 || dump > os-> length) ? os->length : dump), dump_indent) <= 0)
                            goto end;
                        nl = 1;
                    }
                }
                /* os is reset so the cleanup at `end` does not free it twice. */
                ASN1_OCTET_STRING_free(os);
                os = NULL;
            } else if (tag == V_ASN1_INTEGER) {
                ASN1_INTEGER *bs;
                int i;

                opp = op;
                bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
                /*
                 * NOTE(review): the `goto end` exits inside this branch skip
                 * ASN1_INTEGER_free(bs), and `end` only frees o and os.
                 */
                if (bs != NULL) {
                    if (BIO_write(bp, ":", 1) <= 0)
                        goto end;
                    if (bs->type == V_ASN1_NEG_INTEGER)
                        if (BIO_write(bp, "-", 1) <= 0)
                            goto end;
                    for (i = 0; i < bs->length; i++) {
                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
                            goto end;
                    }
                    if (bs->length == 0) {
                        if (BIO_write(bp, "00", 2) <= 0)
                            goto end;
                    }
                } else {
                    if (BIO_puts(bp, ":BAD INTEGER") <= 0)
                        goto end;
                    dump_cont = 1;
                }
                ASN1_INTEGER_free(bs);
            } else if (tag == V_ASN1_ENUMERATED) {
                ASN1_ENUMERATED *bs;
                int i;

                opp = op;
                bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
                /*
                 * NOTE(review): as in the INTEGER branch, the `goto end`
                 * exits here skip ASN1_ENUMERATED_free(bs).
                 */
                if (bs != NULL) {
                    if (BIO_write(bp, ":", 1) <= 0)
                        goto end;
                    if (bs->type == V_ASN1_NEG_ENUMERATED)
                        if (BIO_write(bp, "-", 1) <= 0)
                            goto end;
                    for (i = 0; i < bs->length; i++) {
                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
                            goto end;
                    }
                    if (bs->length == 0) {
                        if (BIO_write(bp, "00", 2) <= 0)
                            goto end;
                    }
                } else {
                    if (BIO_puts(bp, ":BAD ENUMERATED") <= 0)
                        goto end;
                    dump_cont = 1;
                }
                ASN1_ENUMERATED_free(bs);
            } else if (len > 0 && dump) {
                /* Any other universal type: raw dump, capped by `dump`. */
                if (!nl) {
                    if (BIO_write(bp, "\n", 1) <= 0)
                        goto end;
                }
                if (BIO_dump_indent(bp, (const char *)p, ((dump == -1 || dump > len) ? len : dump), dump_indent) <= 0)
                    goto end;
                nl = 1;
            }
            /* After a failed decode, show the raw content bytes in hex. */
            if (dump_cont) {
                int i;
                const unsigned char *tmp = op + hl;

                if (BIO_puts(bp, ":[") <= 0)
                    goto end;
                for (i = 0; i < len; i++) {
                    if (BIO_printf(bp, "%02X", tmp[i]) <= 0)
                        goto end;
                }
                if (BIO_puts(bp, "]") <= 0)
                    goto end;
            }

            if (!nl) {
                if (BIO_write(bp, "\n", 1) <= 0)
                    goto end;
            }
            p += len;
            if ((tag == V_ASN1_EOC) && (xclass == 0)) {
                ret = 2; /* End of sequence */
                goto end;
            }
        }
        length -= len;
    }
    ret = 1;
 end:
    /* Single exit: release scratch objects and report the cursor position. */
    ASN1_OBJECT_free(o);
    ASN1_OCTET_STRING_free(os);
    *pp = p;
    return (ret);
}
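/*
 * Lua binding: convert a CRL into a Lua table.
 *
 * Argument 1 is an "openssl.x509_crl" object; argument 2 is an optional
 * boolean that is read but not used by this function.
 *
 * The table holds "version", "hash", "fingerprint" (alg + raw SHA-1
 * digest), "issuer", "lastUpdate", "nextUpdate", "sig_alg", "crl_number",
 * "extensions" (when the CRL has any) and "revoked", an array with one
 * table per entry ("CRLReason", "serialNumber", "revocationDate" and
 * "extensions" when the entry has any). Always returns 1 (the table).
 */
static LUA_FUNCTION(openssl_crl_parse)
{
  X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  int utf8 = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
  int n, i;

  (void)utf8;  /* read for interface compatibility; unused below */

  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", X509_CRL_get_version(crl), integer);

  /* hash as used in CA directories to lookup cert by subject name */
  {
    char buf[32];
    snprintf(buf, sizeof(buf), "%08lx", X509_NAME_hash(X509_CRL_get_issuer(crl)));
    AUXILIAR_SET(L, -1, "hash", buf, string);
  }

  {
    const EVP_MD *digest = EVP_get_digestbyname("sha1");
    unsigned char md[EVP_MAX_MD_SIZE];
    unsigned int mdlen = sizeof(md);

    /*
     * The digest lookup returns NULL when the algorithm table has not been
     * loaded; skip the fingerprint instead of passing NULL on.
     */
    if (digest != NULL && X509_CRL_digest(crl, digest, md, &mdlen))
    {
      lua_newtable(L);
      AUXILIAR_SET(L, -1, "alg", OBJ_nid2sn(EVP_MD_type(digest)), string);
      AUXILIAR_SETLSTR(L, -1, "hash", (const char*)md, mdlen);
      lua_setfield(L, -2, "fingerprint");
    }
  }

  openssl_push_xname_asobject(L, X509_CRL_get_issuer(crl));
  lua_setfield(L, -2, "issuer");

  PUSH_ASN1_TIME(L, X509_CRL_get_lastUpdate(crl));
  lua_setfield(L, -2, "lastUpdate");
  PUSH_ASN1_TIME(L, X509_CRL_get_nextUpdate(crl));
  lua_setfield(L, -2, "nextUpdate");

  openssl_push_x509_algor(L, crl->crl->sig_alg);
  lua_setfield(L, -2, "sig_alg");

  /*
   * NOTE(review): X509_CRL_get_ext_d2i() returns a freshly decoded object.
   * Confirm PUSH_ASN1_INTEGER takes ownership of it (or copies and the
   * value is freed elsewhere); otherwise it is leaked on every call.
   */
  PUSH_ASN1_INTEGER(L, X509_CRL_get_ext_d2i(crl, NID_crl_number, NULL, NULL));
  lua_setfield(L, -2, "crl_number");

  /* Only duplicate the stack when there is one; a CRL may have none. */
  if (crl->crl->extensions != NULL)
  {
    PUSH_OBJECT(sk_X509_EXTENSION_dup(crl->crl->extensions), "openssl.stack_of_x509_extension");
    lua_setfield(L, -2, "extensions");
  }

  n = sk_X509_REVOKED_num(crl->crl->revoked);
  lua_newtable(L);
  for (i = 0; i < n; i++)
  {
    X509_REVOKED *revoked = sk_X509_REVOKED_value(crl->crl->revoked, i);
    long reason;

    lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
    reason = revoked->reason;
#else
    {
      int crit = 0;
      ASN1_ENUMERATED *ext = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);

      reason = (ext != NULL) ? ASN1_ENUMERATED_get(ext) : -1;
      ASN1_ENUMERATED_free(ext);
    }
#endif

    /*
     * The reason code comes from the CRL being parsed, so it must not be
     * used as a table index unchecked. An entry without a reason carries a
     * negative code (crl_set_issuers() stores CRL_REASON_NONE); such
     * entries get no "CRLReason" field.
     * NOTE(review): also bound `reason` by the number of entries in
     * reason_flags; the table's size is not visible from this function.
     */
    if (reason >= 0)
    {
      AUXILIAR_SET(L, -1, "CRLReason", reason_flags[reason].lname, string);
    }

    PUSH_ASN1_INTEGER(L, revoked->serialNumber);
    lua_setfield(L, -2, "serialNumber");

    PUSH_ASN1_TIME(L, revoked->revocationDate);
    lua_setfield(L, -2, "revocationDate");

    /* Entries commonly have no extension stack at all. */
    if (revoked->extensions != NULL)
    {
      PUSH_OBJECT(sk_X509_EXTENSION_dup(revoked->extensions), "openssl.stack_of_x509_extension");
      lua_setfield(L, -2, "extensions");
    }

    lua_rawseti(L, -2, i + 1);
  }

  lua_setfield(L, -2, "revoked");
  return 1;
}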
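/*
 * Walk the revoked entries of a decoded CRL and cache, per entry, the
 * certificate issuer (carried over from the most recent entry that named
 * one) and the reason code (CRL_REASON_NONE when the entry has none).
 *
 * A malformed issuer or reason extension sets EXFLAG_INVALID on the CRL
 * and stops the walk; a critical entry extension other than the
 * certificate issuer sets EXFLAG_CRITICAL. Both cases still return 1.
 * Returns 0 only when building the crl->issuers stack fails.
 */
static int crl_set_issuers(X509_CRL *crl)
{
    int i, j;
    GENERAL_NAMES *gens, *gtmp;
    STACK_OF(X509_REVOKED) *revoked;

    revoked = X509_CRL_get_REVOKED(crl);

    gens = NULL;
    for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) {
        X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
        STACK_OF(X509_EXTENSION) *exts;
        ASN1_ENUMERATED *reason;
        X509_EXTENSION *ext;

        gtmp = X509_REVOKED_get_ext_d2i(rev, NID_certificate_issuer, &j, NULL);
        /* NULL with j != -1 means the extension was present but unusable. */
        if (!gtmp && (j != -1)) {
            crl->flags |= EXFLAG_INVALID;
            return 1;
        }

        if (gtmp) {
            if (!crl->issuers) {
                crl->issuers = sk_GENERAL_NAMES_new_null();
                if (!crl->issuers) {
                    /* gtmp is not owned by the CRL yet; do not leak it. */
                    GENERAL_NAMES_free(gtmp);
                    return 0;
                }
            }
            if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) {
                GENERAL_NAMES_free(gtmp);
                return 0;
            }
            /* Ownership moved to crl->issuers; later entries inherit it. */
            gens = gtmp;
        }
        rev->issuer = gens;

        reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &j, NULL);
        if (!reason && (j != -1)) {
            crl->flags |= EXFLAG_INVALID;
            return 1;
        }

        if (reason) {
            rev->reason = ASN1_ENUMERATED_get(reason);
            ASN1_ENUMERATED_free(reason);
        } else
            rev->reason = CRL_REASON_NONE;

        /* Check for critical CRL entry extensions */

        exts = rev->extensions;

        for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) {
            ext = sk_X509_EXTENSION_value(exts, j);
            if (X509_EXTENSION_get_critical(ext)) {
                /* The certificate issuer extension is handled above. */
                if (OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_certificate_issuer)
                    continue;
                crl->flags |= EXFLAG_CRITICAL;
                break;
            }
        }
    }

    return 1;
}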
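/*
 * Create a CRL entry that revokes pCert as of the current time, with
 * reason code CRL_REASON_UNSPECIFIED.
 *
 * On success *pRevoked receives the new entry, which the caller owns.
 * On failure *pRevoked is left untouched and a VMCA error code is returned.
 *
 * NOTE(review): pCert and pRevoked are dereferenced without a NULL check;
 * callers must pass valid pointers.
 * NOTE(review): the OpenSSL setters return 1 on success, so the value
 * returned on the success path depends on BAIL_ON_SSL_ERROR resetting
 * dwError - confirm against the macro definition.
 */
DWORD
VMCACreateRevokedFromCert(
    X509 *pCert,
    X509_REVOKED **pRevoked)
{
    DWORD dwError = 0;
    X509_REVOKED *pTempRev = NULL;
    ASN1_TIME *pRevTime = NULL;
    ASN1_ENUMERATED *pCode = NULL;

    pCode = ASN1_ENUMERATED_new();
    if(pCode == NULL) {
        dwError = VMCA_OUT_MEMORY_ERR;
        BAIL_ON_ERROR(dwError);
    }

    pTempRev = X509_REVOKED_new();
    if (pTempRev == NULL) {
        dwError = VMCA_OUT_MEMORY_ERR;
        BAIL_ON_ERROR(dwError);
    }

    pRevTime = ASN1_TIME_new();
    if (pRevTime == NULL) {
        dwError = VMCA_OUT_MEMORY_ERR;
        BAIL_ON_ERROR(dwError);
    }

    /* ASN1_TIME_set() returns NULL on failure; do not publish an entry
     * whose revocation date was never written. */
    if (ASN1_TIME_set(pRevTime, time(NULL)) == NULL) {
        dwError = VMCA_CRL_SET_TIME_FAIL;
        BAIL_ON_ERROR(dwError);
    }

    dwError = X509_REVOKED_set_serialNumber(pTempRev,
                    X509_get_serialNumber(pCert));
    BAIL_ON_SSL_ERROR(dwError, VMCA_CRL_SET_SERIAL_FAIL);

    dwError = X509_REVOKED_set_revocationDate(pTempRev, pRevTime);
    BAIL_ON_SSL_ERROR(dwError, VMCA_CRL_SET_TIME_FAIL);

    //TODO : Fix the UNSPECIFIED to real valid reason
    // which users can pass in.
    if (!ASN1_ENUMERATED_set(pCode, CRL_REASON_UNSPECIFIED)) {
        dwError = VMCA_CRL_REASON_FAIL;
        BAIL_ON_ERROR(dwError);
    }

    /* add1 copies the encoded reason, so pCode is still freed below. */
    dwError = X509_REVOKED_add1_ext_i2d(pTempRev, NID_crl_reason, pCode, 0, 0);
    BAIL_ON_SSL_ERROR(dwError, VMCA_CRL_REASON_FAIL);

    *pRevoked = pTempRev;

cleanup :
    if(pRevTime != NULL) {
        ASN1_TIME_free(pRevTime);
    }

    if(pCode !=NULL) {
        ASN1_ENUMERATED_free(pCode);
    }

    return dwError;

error:
    /* The half-built entry was never handed to the caller; release it. */
    if(pTempRev != NULL) {
        X509_REVOKED_free(pTempRev);
    }

    goto cleanup;
}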
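/*
 * Create a CRL entry for serial number asnSerial, revoked at
 * dwRevokedDate (converted with a time_t cast) with reason code
 * certRevokeReason.
 *
 * On success *pRevoked receives the new entry, which the caller owns.
 * On failure *pRevoked is left untouched and a VMCA error code is returned.
 *
 * NOTE(review): asnSerial and pRevoked are used without a NULL check, and
 * certRevokeReason is written into the entry without a range check -
 * confirm callers validate it against the defined CRL reason codes.
 * NOTE(review): the OpenSSL setters return 1 on success, so the value
 * returned on the success path depends on BAIL_ON_SSL_ERROR resetting
 * dwError - confirm against the macro definition.
 */
DWORD
VMCACreateRevokedFromCert_Reason(
    ASN1_INTEGER *asnSerial,
    DWORD dwRevokedDate,
    VMCA_CRL_REASON certRevokeReason,
    X509_REVOKED **pRevoked)
{
    DWORD dwError = 0;
    X509_REVOKED *pTempRev = NULL;
    ASN1_TIME *pRevTime = NULL;
    ASN1_ENUMERATED *pCode = NULL;

    pCode = ASN1_ENUMERATED_new();
    if(pCode == NULL) {
        dwError = VMCA_OUT_MEMORY_ERR;
        BAIL_ON_ERROR(dwError);
    }

    pTempRev = X509_REVOKED_new();
    if (pTempRev == NULL) {
        dwError = VMCA_OUT_MEMORY_ERR;
        BAIL_ON_ERROR(dwError);
    }

    pRevTime = ASN1_TIME_new();
    if (pRevTime == NULL) {
        dwError = VMCA_OUT_MEMORY_ERR;
        BAIL_ON_ERROR(dwError);
    }

    /* ASN1_TIME_set() returns NULL on failure; do not publish an entry
     * whose revocation date was never written. */
    if (ASN1_TIME_set(pRevTime, (time_t)dwRevokedDate) == NULL) {
        dwError = VMCA_CRL_SET_TIME_FAIL;
        BAIL_ON_ERROR(dwError);
    }

    dwError = X509_REVOKED_set_serialNumber(pTempRev, asnSerial);
    BAIL_ON_SSL_ERROR(dwError, VMCA_CRL_SET_SERIAL_FAIL);

    dwError = X509_REVOKED_set_revocationDate(pTempRev, pRevTime);
    BAIL_ON_SSL_ERROR(dwError, VMCA_CRL_SET_TIME_FAIL);

    if (!ASN1_ENUMERATED_set(pCode, certRevokeReason)) {
        dwError = VMCA_CRL_REASON_FAIL;
        BAIL_ON_ERROR(dwError);
    }

    /* add1 copies the encoded reason, so pCode is still freed below. */
    dwError = X509_REVOKED_add1_ext_i2d(pTempRev, NID_crl_reason, pCode, 0, 0);
    BAIL_ON_SSL_ERROR(dwError, VMCA_CRL_REASON_FAIL);

    *pRevoked = pTempRev;

cleanup :
    if(pRevTime != NULL) {
        ASN1_TIME_free(pRevTime);
    }

    if(pCode !=NULL) {
        ASN1_ENUMERATED_free(pCode);
    }

    return dwError;

error:
    /* The half-built entry was never handed to the caller; release it. */
    if(pTempRev != NULL) {
        X509_REVOKED_free(pTempRev);
    }

    goto cleanup;
}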
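/*
 * Recursively walk the BER/DER elements in the `length` bytes at *pp,
 * record each element in `taglist` under a tree-coordinate string
 * ("<treecoords>-<sibling number>") and, when `bp` is non-NULL, print a
 * dump of the structure as well.
 *
 *   bp          output BIO, or NULL to only fill the tag list
 *   pp          in/out cursor; updated to the position reached on exit
 *   length      bytes available at *pp
 *   offset      offset of *pp within the outermost buffer
 *   depth       current nesting level (printed only)
 *   indent      when non-zero, depth is passed to asn1_print_info()
 *   dump        0 disables raw dumps, -1 dumps everything, any other value
 *               caps the number of dumped bytes
 *   treecoords  coordinate string of the parent element
 *   taglist, maxtag, lasttag  passed through to GRSTasn1AddToTaglist()
 *
 * Returns 0 on error, 1 on success and 2 when a universal end-of-contents
 * element was consumed.
 *
 * The input is typically an untrusted certificate or CRL, so every write
 * into a fixed buffer and every child length is bounded here.
 */
static int GRSTasn1Parse2(BIO *bp, unsigned char **pp, long length, int offset,
                          int depth, int indent, int dump, char *treecoords,
                          struct GRSTasn1TagList taglist[], int maxtag,
                          int *lasttag)
{
  int sibling = 0;
  char sibtreecoords[512];
  int coordlen;

  unsigned char *p,*ep,*tot,*op,*opp;
  long len;
  int tag,xclass,ret=0;
  int nl,hl,j,r;
  ASN1_OBJECT *o=NULL;
  ASN1_OCTET_STRING *os=NULL;
  int dump_indent;

  dump_indent = 6;  /* Because we know BIO_dump_indent() */
  p= *pp;
  tot=p+length;
  op=p-1;
  /* (op < p) stops the loop if an iteration fails to advance the cursor. */
  while ((p < tot) && (op < p))
    {
      op=p;
      j=ASN1_get_object(&p,&len,&tag,&xclass,length);
      if (j & 0x80)
        {
          if ((bp != NULL) &&
              (BIO_write(bp,"Error in encoding\n",18) <= 0))
            goto end;
          ret=0;
          goto end;
        }
      hl=(p-op);
      length-=hl;

      ++sibling;
      /*
       * The coordinate string grows with every nesting level, and the
       * nesting depth is controlled by the input. Bound the write and
       * treat truncation as a parse error; since each level adds at least
       * two characters, this also limits the recursion depth.
       */
      coordlen = snprintf(sibtreecoords, sizeof(sibtreecoords), "%s-%d",
                          treecoords, sibling);
      if (coordlen < 0 || (size_t)coordlen >= sizeof(sibtreecoords))
        {
          ret=0;
          goto end;
        }

      GRSTasn1AddToTaglist(taglist, maxtag, lasttag, sibtreecoords,
                           (int)offset+(int)(op - *pp),
                           (int) hl, len, tag);

      if (bp != NULL)
        {
          /* Arguments are cast/specified to match their conversions. */
          BIO_printf(bp, " %s %ld %ld %ld %d ", sibtreecoords,
                     (long)offset+(long)(op - *pp), (long)hl, len, tag);

          GRSTasn1PrintPrintable(bp, p,
                                 (len > 30) ? 30 : len);

          BIO_printf(bp, "\n");
        }

      /* if j == 0x21 it is a constructed indefinite length object */
      if ((bp != NULL) &&
          (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp)) <= 0))
        goto end;

      if (j != (V_ASN1_CONSTRUCTED | 1))
        {
          if ((bp != NULL) &&
              (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
                          depth,(long)hl,len) <= 0))
            goto end;
        }
      else
        {
          if ((bp != NULL) &&
              (BIO_printf(bp,"d=%-2d hl=%ld l=inf ",
                          depth,(long)hl) <= 0))
            goto end;
        }
      if ((bp != NULL) &&
          !asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
        goto end;

      if (j & V_ASN1_CONSTRUCTED)
        {
          ep=p+len;
          if ((bp != NULL) &&
              (BIO_write(bp,"\n",1) <= 0)) goto end;
          /* A child may not claim more bytes than its parent has left. */
          if (len > length)
            {
              if (bp != NULL)
                BIO_printf(bp, "length is greater than %ld\n",length);
              ret=0;
              goto end;
            }
          if ((j == 0x21) && (len == 0))
            {
              /* Indefinite length: parse until end-of-contents or EOF. */
              for (;;)
                {
                  r=GRSTasn1Parse2(bp,&p,(long)(tot-p),
                                   offset+(p - *pp),depth+1,
                                   indent,dump,sibtreecoords,
                                   taglist, maxtag, lasttag);
                  if (r == 0) { ret=0; goto end; }
                  if ((r == 2) || (p >= tot)) break;
                }
            }
          else
            while (p < ep)
              {
                /*
                 * Hand each child only the bytes still unread inside this
                 * element. Passing the full element length on every
                 * iteration would let later children read past its end.
                 */
                r=GRSTasn1Parse2(bp,&p,(long)(ep-p),
                                 offset+(p - *pp),depth+1,
                                 indent,dump,sibtreecoords,
                                 taglist, maxtag, lasttag);
                if (r == 0) { ret=0; goto end; }
              }
        }
      else if (xclass != 0)
        {
          /* Primitive element outside the universal class: skip content. */
          p+=len;
          if ((bp != NULL) &&
              (BIO_write(bp,"\n",1) <= 0)) goto end;
        }
      else
        {
          nl=0;
          if ( (tag == V_ASN1_PRINTABLESTRING) ||
               (tag == V_ASN1_T61STRING) ||
               (tag == V_ASN1_IA5STRING) ||
               (tag == V_ASN1_VISIBLESTRING) ||
               (tag == V_ASN1_UTCTIME) ||
               (tag == V_ASN1_GENERALIZEDTIME))
            {
              if ((bp != NULL) &&
                  (BIO_write(bp,":",1) <= 0)) goto end;
              if ((len > 0) && (bp != NULL) &&
                  BIO_write(bp,(char *)p,(int)len) != (int)len)
                goto end;
            }
          else if (tag == V_ASN1_OBJECT)
            {
              opp=op;
              if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
                {
                  if (bp != NULL)
                    {
                      if (BIO_write(bp,":",1) <= 0) goto end;
                      i2a_ASN1_OBJECT(bp,o);
                    }
                }
              else
                {
                  if ((bp != NULL) &&
                      (BIO_write(bp,":BAD OBJECT",11) <= 0))
                    goto end;
                }
            }
          else if (tag == V_ASN1_BOOLEAN)
            {
              int ii;

              /*
               * An empty BOOLEAN has no value byte; reading *p would look
               * at the next element or past the end of the buffer.
               */
              ii = (len > 0) ? (int)*p : -1;
              if (ii < 0 || (int)len != 1)
                {
                  /*
                   * NOTE(review): unlike the other writes, this test has
                   * no "<= 0", so a successful write also jumps to end
                   * with ret == 0. Kept as-is; confirm it is intended.
                   */
                  if ((bp != NULL) &&
                      (BIO_write(bp,"Bad boolean\n",12)))
                    goto end;
                }
              if (bp != NULL) BIO_printf(bp,":%d",ii);
            }
          else if (tag == V_ASN1_BMPSTRING)
            {
              /* do the BMP thang */
            }
          else if (tag == V_ASN1_OCTET_STRING)
            {
              opp=op;
              os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
              if (os != NULL)
                {
                  opp=os->data;

                  if (os->length > 0)
                    {
                      if ((bp != NULL) &&
                          (BIO_write(bp,":",1) <= 0))
                        goto end;
                      if ((bp != NULL) &&
                          (GRSTasn1PrintPrintable(bp,
                                                  opp,
                                                  os->length) <= 0))
                        goto end;
                    }

                  ASN1_OCTET_STRING_free(os);
                  os=NULL;
                }
            }
          else if (tag == V_ASN1_INTEGER)
            {
              ASN1_INTEGER *bs;
              int i;

              opp=op;
              bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
              if (bs != NULL)
                {
                  if ((bp != NULL) &&
                      (BIO_write(bp,":",1) <= 0)) goto end;
                  if (bs->type == V_ASN1_NEG_INTEGER)
                    if ((bp != NULL) &&
                        (BIO_write(bp,"-",1) <= 0))
                      goto end;
                  for (i=0; i<bs->length; i++)
                    {
                      if ((bp != NULL) &&
                          (BIO_printf(bp,"%02X",
                                      bs->data[i]) <= 0))
                        goto end;
                    }
                  if (bs->length == 0)
                    {
                      if ((bp != NULL) &&
                          (BIO_write(bp,"00",2) <= 0))
                        goto end;
                    }
                }
              else
                {
                  if ((bp != NULL) &&
                      (BIO_write(bp,"BAD INTEGER",11) <= 0))
                    goto end;
                }
              ASN1_INTEGER_free(bs);
            }
          else if (tag == V_ASN1_ENUMERATED)
            {
              ASN1_ENUMERATED *bs;
              int i;

              opp=op;
              bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
              if (bs != NULL)
                {
                  if ((bp != NULL) &&
                      (BIO_write(bp,":",1) <= 0)) goto end;
                  if (bs->type == V_ASN1_NEG_ENUMERATED)
                    if ((bp != NULL) &&
                        (BIO_write(bp,"-",1) <= 0))
                      goto end;
                  for (i=0; i<bs->length; i++)
                    {
                      if ((bp != NULL) &&
                          (BIO_printf(bp,"%02X",
                                      bs->data[i]) <= 0))
                        goto end;
                    }
                  if (bs->length == 0)
                    {
                      if ((bp != NULL) &&
                          (BIO_write(bp,"00",2) <= 0))
                        goto end;
                    }
                }
              else
                {
                  /* The message is 14 bytes long; write all of it. */
                  if ((bp != NULL) &&
                      (BIO_write(bp,"BAD ENUMERATED",14) <= 0))
                    goto end;
                }
              ASN1_ENUMERATED_free(bs);
            }
          else if (len > 0 && dump)
            {
              if (!nl)
                {
                  if ((bp != NULL) &&
                      (BIO_write(bp,"\n",1) <= 0))
                    goto end;
                }
              if ((bp != NULL) &&
                  (BIO_dump_indent(bp,(char *)p,
                                   ((dump == -1 || dump > len)?len:dump),
                                   dump_indent) <= 0))
                goto end;
              nl=1;
            }

          if (!nl)
            {
              if ((bp != NULL) &&
                  (BIO_write(bp,"\n",1) <= 0)) goto end;
            }
          p+=len;
          if ((tag == V_ASN1_EOC) && (xclass == 0))
            {
              ret=2; /* End of sequence */
              goto end;
            }
        }

      length-=len;
    }
  ret=1;
end:
  /* Single exit: release scratch objects and report the cursor position. */
  if (o != NULL) ASN1_OBJECT_free(o);
  if (os != NULL) ASN1_OCTET_STRING_free(os);
  *pp=p;
  return(ret);
}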