-/* $OpenBSD: extern.h,v 1.119 2022/02/10 15:33:47 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.120 2022/02/10 17:33:28 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
char *x509_get_pubkey(X509 *, const char *);
enum cert_purpose x509_get_purpose(X509 *, const char *);
int x509_get_time(const ASN1_TIME *, time_t *);
+char *x509_convert_seqnum(const char *, const ASN1_INTEGER *);
/* printers */
char *time2str(time_t);
-/* $OpenBSD: mft.c,v 1.52 2022/01/28 15:30:23 claudio Exp $ */
+/* $OpenBSD: mft.c,v 1.53 2022/02/10 17:33:28 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
const ASN1_TYPE *t;
const ASN1_GENERALIZEDTIME *from, *until;
long mft_version;
- BIGNUM *mft_seqnum = NULL;
int i = 0, rc = 0;
if ((seq = d2i_ASN1_SEQUENCE_ANY(NULL, &d, dsz)) == NULL) {
goto out;
}
- mft_seqnum = ASN1_INTEGER_to_BN(t->value.integer, NULL);
- if (mft_seqnum == NULL) {
- warnx("%s: ASN1_INTEGER_to_BN error", p->fn);
+ p->res->seqnum = x509_convert_seqnum(p->fn, t->value.integer);
+ if (p->res->seqnum == NULL)
goto out;
- }
-
- if (BN_is_negative(mft_seqnum)) {
- warnx("%s: RFC 6486 section 4.2.1: manifestNumber: "
- "want positive integer, have negative.", p->fn);
- goto out;
- }
-
- if (BN_num_bytes(mft_seqnum) > 20) {
- warnx("%s: RFC 6486 section 4.2.1: manifestNumber: "
- "want 20 or less than octets, have more.", p->fn);
- goto out;
- }
-
- p->res->seqnum = BN_bn2hex(mft_seqnum);
- if (p->res->seqnum == NULL) {
- warnx("%s: BN_bn2hex error", p->fn);
- goto out;
- }
/*
* Timestamps: this and next update time.
rc = 1;
out:
sk_ASN1_TYPE_pop_free(seq, ASN1_TYPE_free);
- BN_free(mft_seqnum);
return rc;
}
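Review bot: The diagnostics for a bad manifestNumber lose the RFC context the removed lines carried: the old warnx named "RFC 6486 section 4.2.1: manifestNumber", while x509_convert_seqnum() now reports only the file name, and since the same helper also serves CRL numbers and certificate serials a log reader can no longer tell which field was rejected. A call-site comment would at least keep the rationale in the source, e.g. `/* RFC 6486 section 4.2.1: manifestNumber must be a positive integer of at most 20 octets; x509_convert_seqnum() enforces this and warns on failure. */` above the assignment on the `p->res->seqnum = x509_convert_seqnum(...)` line. Alternatively the helper could take a short field name to print alongside fn. The enclosing function starts outside the hunk; only its tail through `out:` is visible here.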
-/* $OpenBSD: print.c,v 1.4 2022/02/10 15:33:47 claudio Exp $ */
+/* $OpenBSD: print.c,v 1.5 2022/02/10 17:33:28 claudio Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
{
STACK_OF(X509_REVOKED) *revlist;
X509_REVOKED *rev;
+ ASN1_INTEGER *crlnum;
int i;
- long serial;
+ char *serial;
time_t t;
printf("Authority key identifier: %s\n", pretty_key_id(p->aki));
+
+ crlnum = X509_CRL_get_ext_d2i(p->x509_crl, NID_crl_number, NULL, NULL);
+ serial = x509_convert_seqnum(__func__, crlnum);
+ if (serial != NULL)
+ printf("CRL Serial Number: %s\n", serial);
+ free(serial);
+ ASN1_INTEGER_free(crlnum);
+
printf("CRL valid since: %s\n", time2str(p->issued));
printf("CRL valid until: %s\n", time2str(p->expires));
if (i == 0)
printf("Revoked Certificates:\n");
rev = sk_X509_REVOKED_value(revlist, i);
- serial = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(rev));
+
+ serial = x509_convert_seqnum(__func__,
+ X509_REVOKED_get0_serialNumber(rev));
x509_get_time(X509_REVOKED_get0_revocationDate(rev), &t);
- printf(" Serial: %8lx\tRevocation Date: %s\n", serial,
- time2str(t));
+ if (serial != NULL)
+ printf(" Serial: %8s Revocation Date: %s\n",
+ serial, time2str(t));
+ free(serial);
}
if (i == 0)
printf("No Revoked Certificates\n");
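Review bot: In the revoked-certificates loop the whole entry is dropped when x509_convert_seqnum() returns NULL (the `if (serial != NULL)` guard before the printf), so a CRL carrying one malformed or oversized serial prints fewer entries than it contains, with only the helper's warnx on stderr to account for the gap; for a printer it is more useful to still emit the line, e.g. `printf(" Serial: %8s Revocation Date: %s\n", serial != NULL ? serial : "<invalid>", time2str(t));`. The same applies to the CRL number block above it, where an absent NID_crl_number extension and a malformed one are indistinguishable in the output because a NULL crlnum produces no warning. The return value of x509_get_time() on the line before is still unchecked, so `t` may be uninitialised when the date is printed; that predates this change but the new printf inherits it. The enclosing function's signature and end lie outside the hunk.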
-/* $OpenBSD: x509.c,v 1.35 2022/02/10 15:33:47 claudio Exp $ */
+/* $OpenBSD: x509.c,v 1.36 2022/02/10 17:33:28 claudio Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
errx(1, "mktime failed");
return 1;
}
+
+/*
+ * Convert an ASN1_INTEGER into a hexstring.
+ * Returned string needs to be freed by the caller.
+ */
+char *
+x509_convert_seqnum(const char *fn, const ASN1_INTEGER *i)
+{
+ BIGNUM *seqnum = NULL;
+ char *s = NULL;
+
+ if (i == NULL)
+ goto out;
+
+ seqnum = ASN1_INTEGER_to_BN(i, NULL);
+ if (seqnum == NULL) {
+ warnx("%s: ASN1_INTEGER_to_BN error", fn);
+ goto out;
+ }
+
+ if (BN_is_negative(seqnum)) {
+ warnx("%s: %s: want positive integer, have negative.",
+ __func__, fn);
+ goto out;
+ }
+
+ if (BN_num_bytes(seqnum) > 20) {
+ warnx("%s: %s: want 20 octets or fewer, have more.",
+ __func__, fn);
+ goto out;
+ }
+
+ s = BN_bn2hex(seqnum);
+ if (s == NULL)
+ warnx("%s: BN_bn2hex error", fn);
+
+ out:
+ BN_free(seqnum);
+ return s;
+}
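Review bot: The header comment of x509_convert_seqnum() documents only the hexstring conversion and the ownership of the result; it should also state the validation contract the function now enforces for three different callers: it returns NULL and warns when the integer is negative or wider than 20 octets (the limits the removed mft.c check attributed to RFC 6486 section 4.2.1), and a NULL input returns NULL silently, which is how the CRL printer tolerates a missing CRL number extension. The two new warnx calls also format their message as `"%s: %s: ...", __func__, fn`, putting the function name ahead of the file name, whereas the ASN1_INTEGER_to_BN and BN_bn2hex messages in the same function lead with fn alone; `warnx("%s: want positive integer, have negative.", fn);` and the matching change for the 20-octet message would keep the file's diagnostics uniform.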