Overhaul 'crl' application, add a proper X509_CRL_print function and start

to support CRL extensions.
Dr. Stephen Henson 1999-02-19 01:29:29 +00:00
parent 6b056c414d
commit 0ca5f8b15c
16 changed files with 354 additions and 57 deletions


@ -5,6 +5,10 @@
Changes between 0.9.1c and 0.9.2 Changes between 0.9.1c and 0.9.2
*) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
for some CRL extensions and new objects added.
[Steve Henson]
*) Really fix the ASN1 IMPLICIT bug this time... Partial support for private *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
key usage extension and fuller support for authority key id. key usage extension and fuller support for authority key id.
[Steve Henson] [Steve Henson]


@ -63,6 +63,7 @@
#include "bio.h" #include "bio.h"
#include "err.h" #include "err.h"
#include "x509.h" #include "x509.h"
#include "x509v3.h"
#include "pem.h" #include "pem.h"
#undef PROG #undef PROG
@ -104,7 +105,7 @@ char **argv;
BIO *out=NULL; BIO *out=NULL;
int informat,outformat; int informat,outformat;
char *infile=NULL,*outfile=NULL; char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
char **pp,buf[256]; char **pp,buf[256];
apps_startup(); apps_startup();
@ -142,10 +143,6 @@ char **argv;
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv)); outformat=str2fmt(*(++argv));
} }
else if (strcmp(*argv,"-text") == 0)
{
outformat=FORMAT_TEXT;
}
else if (strcmp(*argv,"-in") == 0) else if (strcmp(*argv,"-in") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
@ -156,6 +153,8 @@ char **argv;
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
outfile= *(++argv); outfile= *(++argv);
} }
else if (strcmp(*argv,"-text") == 0)
text = 1;
else if (strcmp(*argv,"-hash") == 0) else if (strcmp(*argv,"-hash") == 0)
hash= ++num; hash= ++num;
else if (strcmp(*argv,"-issuer") == 0) else if (strcmp(*argv,"-issuer") == 0)
@ -176,14 +175,6 @@ char **argv;
argv++; argv++;
} }
if (outformat == FORMAT_TEXT)
{
num=0;
issuer= ++num;
lastupdate= ++num;
nextupdate= ++num;
}
if (badops) if (badops)
{ {
bad: bad:
@ -193,6 +184,7 @@ bad:
} }
ERR_load_crypto_strings(); ERR_load_crypto_strings();
X509V3_add_standard_extensions();
x=load_crl(infile,informat); x=load_crl(infile,informat);
if (x == NULL) { goto end; } if (x == NULL) { goto end; }
@ -203,28 +195,28 @@ bad:
if (issuer == i) if (issuer == i)
{ {
X509_NAME_oneline(x->crl->issuer,buf,256); X509_NAME_oneline(x->crl->issuer,buf,256);
fprintf(stdout,"issuer= %s\n",buf); BIO_printf(bio_out,"issuer= %s\n",buf);
} }
if (hash == i) if (hash == i)
{ {
fprintf(stdout,"%08lx\n", BIO_printf(bio_out,"%08lx\n",
X509_NAME_hash(x->crl->issuer)); X509_NAME_hash(x->crl->issuer));
} }
if (lastupdate == i) if (lastupdate == i)
{ {
fprintf(stdout,"lastUpdate="); BIO_printf(bio_out,"lastUpdate=");
ASN1_TIME_print(bio_out,x->crl->lastUpdate); ASN1_TIME_print(bio_out,x->crl->lastUpdate);
fprintf(stdout,"\n"); BIO_printf(bio_out,"\n");
} }
if (nextupdate == i) if (nextupdate == i)
{ {
fprintf(stdout,"nextUpdate="); BIO_printf(bio_out,"nextUpdate=");
if (x->crl->nextUpdate != NULL) if (x->crl->nextUpdate != NULL)
ASN1_TIME_print(bio_out,x->crl->nextUpdate); ASN1_TIME_print(bio_out,x->crl->nextUpdate);
else else
fprintf(stdout,"NONE"); BIO_printf(bio_out,"NONE");
fprintf(stdout,"\n"); BIO_printf(bio_out,"\n");
} }
} }
} }
@ -249,27 +241,11 @@ bad:
} }
} }
if (text) X509_CRL_print(out, x);
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i=(int)i2d_X509_CRL_bio(out,x); i=(int)i2d_X509_CRL_bio(out,x);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
i=PEM_write_bio_X509_CRL(out,x); i=PEM_write_bio_X509_CRL(out,x);
else if (outformat == FORMAT_TEXT)
{
X509_REVOKED *r;
STACK *sk;
sk=sk_dup(x->crl->revoked);
while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)
{
fprintf(stdout,"revoked: serialNumber=");
i2a_ASN1_INTEGER(out,r->serialNumber);
fprintf(stdout," revocationDate=");
ASN1_TIME_print(bio_out,r->revocationDate);
fprintf(stdout,"\n");
}
sk_free(sk);
i=1;
}
else else
{ {
BIO_printf(bio_err,"bad output format specified for outfile\n"); BIO_printf(bio_err,"bad output format specified for outfile\n");
@ -278,9 +254,10 @@ bad:
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
ret=0; ret=0;
end: end:
if (out != NULL) BIO_free(out); BIO_free(out);
if (bio_out != NULL) BIO_free(bio_out); BIO_free(bio_out);
if (x != NULL) X509_CRL_free(x); X509_CRL_free(x);
X509V3_EXT_cleanup();
EXIT(ret); EXIT(ret);
} }
@ -324,7 +301,7 @@ int format;
} }
end: end:
if (in != NULL) BIO_free(in); BIO_free(in);
return(x); return(x);
} }
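Review bot: The result of the new `if (text) X509_CRL_print(out, x);` call is discarded, so a failed write of the text dump never reaches the `unable to write CRL` path and the tool can still finish with `ret=0`. x509.h in this commit declares the function as returning `int`, while the definition in t_crl.c is written as `void`, so the two need to agree before the result can be tested. Once the definition returns a status, the line could become `if (text && !X509_CRL_print(out, x)) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }`. The enclosing function starts outside these hunks.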


@ -30,7 +30,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \ d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \ d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
t_req.c t_x509.c t_pkey.c \ t_req.c t_x509.c t_crl.c t_pkey.c \
p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \ p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \ p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \ f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
@ -45,7 +45,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \ d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \ d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
t_req.o t_x509.o t_pkey.o \ t_req.o t_x509.o t_crl.o t_pkey.o \
p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \ p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \ p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \ f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \

173
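--- a/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
@@ -0,0 +1,173 @@
+/* t_crl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+* project 1999.
+*/
+/* ====================================================================
+* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in
+* the documentation and/or other materials provided with the
+* distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+* software must display the following acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+*
+* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+* endorse or promote products derived from this software without
+* prior written permission. For written permission, please contact
+* licensing@OpenSSL.org.
+*
+* 5. Products derived from this software may not be called "OpenSSL"
+* nor may "OpenSSL" appear in their names without prior written
+* permission of the OpenSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+* acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+*
+* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+* OF THE POSSIBILITY OF SUCH DAMAGE.
+* ====================================================================
+*
+* This product includes cryptographic software written by Eric Young
+* (eay@cryptsoft.com). This product includes software written by Tim
+* Hudson (tjh@cryptsoft.com).
+*
+*/
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn.h"
+#include "objects.h"
+#include "x509.h"
+#include "x509v3.h"
+#ifndef NOPROTO
+static void ext_print(BIO *out, X509_EXTENSION *ex);
+#else
+static void ext_print();
+#endif
+#ifndef NO_FP_API
+int X509_CRL_print_fp(fp,x)
+FILE *fp;
+X509_CRL *x;
+{
+BIO *b;
+int ret;
+if ((b=BIO_new(BIO_s_file())) == NULL)
+{
+X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+return(0);
+}
+BIO_set_fp(b,fp,BIO_NOCLOSE);
+ret=X509_CRL_print(b, x);
+BIO_free(b);
+return(ret);
+}
+#endif
+void X509_CRL_print(out, x)
+BIO *out;
+X509_CRL *x;
+{
+char buf[256];
+unsigned char *s;
+STACK *rev;
+X509_REVOKED *r;
+long l;
+int i, j, n;
+BIO_printf(out, "Certificate Revocation List (CRL):\n");
+l = X509_CRL_get_version(x);
+BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
+i = OBJ_obj2nid(x->sig_alg->algorithm);
+BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+(i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256);
+BIO_printf(out,"%8sIssuer: %s\n","",buf);
+BIO_printf(out,"%8sLast Update: ","");
+ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
+BIO_printf(out,"\n%8sNext Update: ","");
+if (X509_CRL_get_nextUpdate(x))
+ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
+else BIO_printf(out,"NONE");
+BIO_printf(out,"\n");
+n=X509_CRL_get_ext_count(x);
+if (n > 0) {
+BIO_printf(out,"%8sCRL extensions:\n","");
+for (i=0; i<n; i++) ext_print(out, X509_CRL_get_ext(x, i));
+}
+rev = X509_CRL_get_REVOKED(x);
+if(sk_num(rev)) BIO_printf(out, "Revoked Certificates:\n");
+else BIO_printf(out, "No Revoked Certificates.\n");
+for(i = 0; i < sk_num(rev); i++) {
+r = (X509_REVOKED *) sk_value(rev, i);
+BIO_printf(out," Serial Number: ");
+i2a_ASN1_INTEGER(out,r->serialNumber);
+BIO_printf(out,"\n Revocation Date: ","");
+ASN1_TIME_print(out,r->revocationDate);
+BIO_printf(out,"\n");
+for(j = 0; j < X509_REVOKED_get_ext_count(r); j++)
+ext_print(out, X509_REVOKED_get_ext(r, j));
+}
+i=OBJ_obj2nid(x->sig_alg->algorithm);
+BIO_printf(out," Signature Algorithm: %s",
+(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+s = x->signature->data;
+n = x->signature->length;
+for (i=0; i<n; i++, s++)
+{
+if ((i%18) == 0) BIO_write(out,"\n ",9);
+BIO_printf(out,"%02x%s",*s, ((i+1) == n)?"":":");
+}
+BIO_write(out,"\n",1);
+}
+static void ext_print(out, ex)
+BIO *out;
+X509_EXTENSION *ex;
+{
+ASN1_OBJECT *obj;
+int j;
+BIO_printf(out,"%12s","");
+obj=X509_EXTENSION_get_object(ex);
+i2a_ASN1_OBJECT(out,obj);
+j=X509_EXTENSION_get_critical(ex);
+BIO_printf(out, ": %s\n%16s", j ? "critical":"","");
+if(!X509V3_EXT_print(out, ex, 0))
+ASN1_OCTET_STRING_print(out,ex->value);
+BIO_write(out,"\n",1);
+}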
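Review bot: `X509_CRL_print` is defined as `void` here, but x509.h in this commit declares `int X509_CRL_print(BIO *bp,X509_CRL *x)` and `X509_CRL_print_fp` above returns `ret=X509_CRL_print(b, x)`, so callers that include the header read a return value the function never sets. The definition should read `int X509_CRL_print(out, x)` and end with `return(1);`. In the same function `if(sk_num(rev))` is also true for a negative count, so if `sk_num` reports a missing revoked list as -1 (worth confirming) the "Revoked Certificates:" heading is printed for an empty list; `sk_num(rev) > 0` avoids that. `BIO_printf(out,"\n Revocation Date: ","")` passes an argument the format never consumes. `X509_CRL_print_fp` raises its error under `X509_F_X509_PRINT_FP`, which attributes the failure to the certificate printer rather than to this function.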


@ -61,12 +61,12 @@
* perl obj_dat.pl < objects.h > obj_dat.h * perl obj_dat.pl < objects.h > obj_dat.h
*/ */
#define NUM_NID 140 #define NUM_NID 143
#define NUM_SN 111 #define NUM_SN 114
#define NUM_LN 136 #define NUM_LN 139
#define NUM_OBJ 112 #define NUM_OBJ 115
static unsigned char lvalues[726]={ static unsigned char lvalues[735]={
0x00, /* [ 0] OBJ_undef */ 0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
@ -179,6 +179,9 @@ static unsigned char lvalues[726]={
0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [696] OBJ_ms_sgc */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [696] OBJ_ms_sgc */
0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [706] OBJ_ms_efs */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [706] OBJ_ms_efs */
0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [716] OBJ_ns_sgc */ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [716] OBJ_ns_sgc */
0x55,0x1D,0x1B, /* [725] OBJ_delta_crl */
0x55,0x1D,0x15, /* [728] OBJ_crl_reason */
0x55,0x1D,0x18, /* [731] OBJ_invalidity_date */
}; };
static ASN1_OBJECT nid_objs[NUM_NID]={ static ASN1_OBJECT nid_objs[NUM_NID]={
@ -372,6 +375,11 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10, {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
&(lvalues[706]),0}, &(lvalues[706]),0},
{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[716]),0}, {"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[716]),0},
{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
&(lvalues[725]),0},
{"CRLReason","CRL Reason Code",NID_crl_reason,3,&(lvalues[728]),0},
{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
&(lvalues[731]),0},
}; };
static ASN1_OBJECT *sn_objs[NUM_SN]={ static ASN1_OBJECT *sn_objs[NUM_SN]={
@ -385,6 +393,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[109]),/* "CAST5-ECB" */ &(nid_objs[109]),/* "CAST5-ECB" */
&(nid_objs[111]),/* "CAST5-OFB" */ &(nid_objs[111]),/* "CAST5-OFB" */
&(nid_objs[13]),/* "CN" */ &(nid_objs[13]),/* "CN" */
&(nid_objs[141]),/* "CRLReason" */
&(nid_objs[107]),/* "D" */ &(nid_objs[107]),/* "D" */
&(nid_objs[31]),/* "DES-CBC" */ &(nid_objs[31]),/* "DES-CBC" */
&(nid_objs[30]),/* "DES-CFB" */ &(nid_objs[30]),/* "DES-CFB" */
@ -458,9 +467,11 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[131]),/* "codeSigning" */ &(nid_objs[131]),/* "codeSigning" */
&(nid_objs[103]),/* "crlDistributionPoints" */ &(nid_objs[103]),/* "crlDistributionPoints" */
&(nid_objs[88]),/* "crlNumber" */ &(nid_objs[88]),/* "crlNumber" */
&(nid_objs[140]),/* "deltaCRL" */
&(nid_objs[132]),/* "emailProtection" */ &(nid_objs[132]),/* "emailProtection" */
&(nid_objs[126]),/* "extendedKeyUsage" */ &(nid_objs[126]),/* "extendedKeyUsage" */
&(nid_objs[128]),/* "id-kp" */ &(nid_objs[128]),/* "id-kp" */
&(nid_objs[142]),/* "invalidityDate" */
&(nid_objs[86]),/* "issuerAltName" */ &(nid_objs[86]),/* "issuerAltName" */
&(nid_objs[83]),/* "keyUsage" */ &(nid_objs[83]),/* "keyUsage" */
&(nid_objs[81]),/* "ld-ce" */ &(nid_objs[81]),/* "ld-ce" */
@ -489,8 +500,10 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
}; };
static ASN1_OBJECT *ln_objs[NUM_LN]={ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[141]),/* "CRL Reason Code" */
&(nid_objs[131]),/* "Code Signing" */ &(nid_objs[131]),/* "Code Signing" */
&(nid_objs[132]),/* "E-mail Protection" */ &(nid_objs[132]),/* "E-mail Protection" */
&(nid_objs[142]),/* "Invalidity Date" */
&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */ &(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
&(nid_objs[138]),/* "Microsoft Encrypted File System" */ &(nid_objs[138]),/* "Microsoft Encrypted File System" */
&(nid_objs[134]),/* "Microsoft Individual Code Signing" */ &(nid_objs[134]),/* "Microsoft Individual Code Signing" */
@ -519,6 +532,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */ &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
&(nid_objs[88]),/* "X509v3 CRL Number" */ &(nid_objs[88]),/* "X509v3 CRL Number" */
&(nid_objs[89]),/* "X509v3 Certificate Policies" */ &(nid_objs[89]),/* "X509v3 Certificate Policies" */
&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
&(nid_objs[126]),/* "X509v3 Extended Key Usage" */ &(nid_objs[126]),/* "X509v3 Extended Key Usage" */
&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
&(nid_objs[83]),/* "X509v3 Key Usage" */ &(nid_objs[83]),/* "X509v3 Key Usage" */
@ -652,6 +666,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[86]),/* OBJ_issuer_alt_name 2 5 29 18 */ &(nid_objs[86]),/* OBJ_issuer_alt_name 2 5 29 18 */
&(nid_objs[87]),/* OBJ_basic_constraints 2 5 29 19 */ &(nid_objs[87]),/* OBJ_basic_constraints 2 5 29 19 */
&(nid_objs[88]),/* OBJ_crl_number 2 5 29 20 */ &(nid_objs[88]),/* OBJ_crl_number 2 5 29 20 */
&(nid_objs[141]),/* OBJ_crl_reason 2 5 29 21 */
&(nid_objs[142]),/* OBJ_invalidity_date 2 5 29 24 */
&(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */
&(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ &(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */
&(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ &(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */
&(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ &(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */
@ -659,8 +676,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ &(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */
&(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ &(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */
&(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ &(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */
&(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666.2 */
&(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666.1 */ &(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666.1 */
&(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666.2 */
&(nid_objs[104]),/* OBJ_md5WithRSA 1 3 14 3 2 3 */ &(nid_objs[104]),/* OBJ_md5WithRSA 1 3 14 3 2 3 */
&(nid_objs[29]),/* OBJ_des_ecb 1 3 14 3 2 6 */ &(nid_objs[29]),/* OBJ_des_ecb 1 3 14 3 2 6 */
&(nid_objs[31]),/* OBJ_des_cbc 1 3 14 3 2 7 */ &(nid_objs[31]),/* OBJ_des_cbc 1 3 14 3 2 7 */


@ -739,6 +739,21 @@ extern "C" {
#define NID_ns_sgc 139 #define NID_ns_sgc 139
#define OBJ_ns_sgc OBJ_netscape,4L,1L #define OBJ_ns_sgc OBJ_netscape,4L,1L
#define SN_delta_crl "deltaCRL"
#define LN_delta_crl "X509v3 Delta CRL Indicator"
#define NID_delta_crl 140
#define OBJ_delta_crl OBJ_ld_ce,27L
#define SN_crl_reason "CRLReason"
#define LN_crl_reason "CRL Reason Code"
#define NID_crl_reason 141
#define OBJ_crl_reason OBJ_ld_ce,21L
#define SN_invalidity_date "invalidityDate"
#define LN_invalidity_date "Invalidity Date"
#define NID_invalidity_date 142
#define OBJ_invalidity_date OBJ_ld_ce,24L
#include "bio.h" #include "bio.h"
#include "asn1.h" #include "asn1.h"


@ -1,3 +1,4 @@
/* crypto/x509/x509.h */ /* crypto/x509/x509.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved. * All rights reserved.
@ -487,6 +488,12 @@ typedef struct CBCParameter_st
#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) #define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) #define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
/* This one is only used so that a binary form can output, as in /* This one is only used so that a binary form can output, as in
* i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) #define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
@ -734,12 +741,14 @@ unsigned long X509_NAME_hash(X509_NAME *x);
int X509_CRL_cmp(X509_CRL *a,X509_CRL *b); int X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
#ifndef NO_FP_API #ifndef NO_FP_API
int X509_print_fp(FILE *bp,X509 *x); int X509_print_fp(FILE *bp,X509 *x);
int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
int X509_REQ_print_fp(FILE *bp,X509_REQ *req); int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
#endif #endif
#ifdef HEADER_BIO_H #ifdef HEADER_BIO_H
int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
int X509_print(BIO *bp,X509 *x); int X509_print(BIO *bp,X509 *x);
int X509_CRL_print(BIO *bp,X509_CRL *x);
int X509_REQ_print(BIO *bp,X509_REQ *req); int X509_REQ_print(BIO *bp,X509_REQ *req);
#endif #endif
@ -1049,11 +1058,13 @@ unsigned long X509_NAME_hash();
int X509_CRL_cmp(); int X509_CRL_cmp();
#ifndef NO_FP_API #ifndef NO_FP_API
int X509_print_fp(); int X509_print_fp();
int X509_CRL_print_fp();
int X509_REQ_print_fp(); int X509_REQ_print_fp();
#endif #endif
int X509_NAME_print(); int X509_NAME_print();
int X509_print(); int X509_print();
int X509_CRL_print();
int X509_REQ_print(); int X509_REQ_print();
int X509_NAME_entry_count(); int X509_NAME_entry_count();


@ -24,9 +24,10 @@ APPS=
LIB=$(TOP)/libcrypto.a LIB=$(TOP)/libcrypto.a
LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \ LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \ v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
v3_pku.c v3_pku.c v3_int.c
LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
v3_int.o
SRC= $(LIBSRC) SRC= $(LIBSRC)


@ -1,4 +1,4 @@
/* v3_bitstr.c */ /* v3_bitst.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999. * project 1999.
*/ */

80
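--- a/crypto/x509v3/v3_int.c
+++ b/crypto/x509v3/v3_int.c
@@ -0,0 +1,80 @@
+/* v3_int.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+* project 1999.
+*/
+/* ====================================================================
+* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in
+* the documentation and/or other materials provided with the
+* distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+* software must display the following acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+*
+* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+* endorse or promote products derived from this software without
+* prior written permission. For written permission, please contact
+* licensing@OpenSSL.org.
+*
+* 5. Products derived from this software may not be called "OpenSSL"
+* nor may "OpenSSL" appear in their names without prior written
+* permission of the OpenSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+* acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+*
+* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+* OF THE POSSIBILITY OF SUCH DAMAGE.
+* ====================================================================
+*
+* This product includes cryptographic software written by Eric Young
+* (eay@cryptsoft.com). This product includes software written by Tim
+* Hudson (tjh@cryptsoft.com).
+*
+*/
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <err.h>
+#include "x509v3.h"
+static ASN1_INTEGER *asn1_integer_new();
+X509V3_EXT_METHOD v3_crl_num = {
+NID_crl_number, 0,
+(X509V3_EXT_NEW)asn1_integer_new, ASN1_STRING_free,
+(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
+i2d_ASN1_INTEGER,
+(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+(X509V3_EXT_S2I)NULL,
+NULL, NULL, NULL, NULL};
+static ASN1_INTEGER *asn1_integer_new()
+{
+return ASN1_INTEGER_new();
+}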
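Review bot: `#include <pem.h>` and `#include <err.h>` pull project headers with angle brackets, while this file uses `"x509v3.h"` and t_crl.c on this page uses quotes throughout. `err.h` is also the name of a system header on several Unix platforms, so which file is picked depends on include-path order. I would write `#include "pem.h"` and `#include "err.h"`. The forward declaration `static ASN1_INTEGER *asn1_integer_new();` also skips the `#ifndef NOPROTO` prototype pair that t_crl.c uses for `ext_print`. A one-line comment on `v3_crl_num` could say that the NULL `X509V3_EXT_S2I` slot presumably means the extension can be printed but not yet built from a string.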


@ -150,6 +150,8 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
extern X509V3_EXT_METHOD v3_pkey_usage_period; extern X509V3_EXT_METHOD v3_pkey_usage_period;
extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
extern X509V3_EXT_METHOD v3_crl_num;
int X509V3_add_standard_extensions() int X509V3_add_standard_extensions()
{ {
X509V3_EXT_add_list(v3_ns_ia5_list); X509V3_EXT_add_list(v3_ns_ia5_list);
@ -161,6 +163,7 @@ int X509V3_add_standard_extensions()
X509V3_EXT_add(&v3_skey_id); X509V3_EXT_add(&v3_skey_id);
X509V3_EXT_add(&v3_akey_id); X509V3_EXT_add(&v3_akey_id);
X509V3_EXT_add(&v3_pkey_usage_period); X509V3_EXT_add(&v3_pkey_usage_period);
X509V3_EXT_add(&v3_crl_num);
return 1; return 1;
} }


@ -1,4 +1,4 @@
/* v3_akey.c */ /* v3_pku.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999. * project 1999.
*/ */


@ -133,19 +133,30 @@ STACK **extlist;
return 1; return 1;
} }
char *i2s_ASN1_INTEGER(method, a)
X509V3_EXT_METHOD *method;
ASN1_INTEGER *a;
{
BIGNUM *bntmp = NULL;
char *strtmp = NULL;
if(!a) return NULL;
if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
!(strtmp = BN_bn2dec(bntmp)) )
X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
BN_free(bntmp);
return strtmp;
}
int X509V3_add_value_int(name, aint, extlist) int X509V3_add_value_int(name, aint, extlist)
char *name; char *name;
ASN1_INTEGER *aint; ASN1_INTEGER *aint;
STACK **extlist; STACK **extlist;
{ {
BIGNUM *bntmp;
char *strtmp; char *strtmp;
int ret; int ret;
if(!aint) return 1; if(!aint) return 1;
bntmp = ASN1_INTEGER_to_BN(aint, NULL); if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
strtmp = BN_bn2dec(bntmp);
ret = X509V3_add_value(name, strtmp, extlist); ret = X509V3_add_value(name, strtmp, extlist);
BN_free(bntmp);
Free(strtmp); Free(strtmp);
return ret; return ret;
} }
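Review bot: `i2s_ASN1_INTEGER` hands back the buffer produced by `BN_bn2dec`, but nothing at the definition states that the caller owns it; the only evidence is `Free(strtmp)` in `X509V3_add_value_int` just below. The function is also registered as the `X509V3_EXT_I2S` handler for `v3_crl_num`, so I would put a comment above it: `/* Returns a newly allocated decimal string, or NULL on error; the caller must Free() it. */`. On the error path `BN_free(bntmp)` can run with `bntmp == NULL` when `ASN1_INTEGER_to_BN` fails, which is fine only if `BN_free` accepts NULL (worth confirming). Both failure causes are reported as `ERR_R_MALLOC_FAILURE`, which may mislabel a conversion failure.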


@ -64,6 +64,7 @@
static ERR_STRING_DATA X509V3_str_functs[]= static ERR_STRING_DATA X509V3_str_functs[]=
{ {
{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "I2S_ASN1_INTEGER"},
{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"}, {ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"}, {ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"}, {ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"},


@ -2,6 +2,7 @@
/* Function codes. */ /* Function codes. */
#define X509V3_F_HEX_TO_STRING 111 #define X509V3_F_HEX_TO_STRING 111
#define X509V3_F_I2S_ASN1_INTEGER 120
#define X509V3_F_S2I_ASN1_IA5STRING 100 #define X509V3_F_S2I_ASN1_IA5STRING 100
#define X509V3_F_S2I_ASN1_OCTET_STRING 112 #define X509V3_F_S2I_ASN1_OCTET_STRING 112
#define X509V3_F_S2I_ASN1_SKEY_ID 114 #define X509V3_F_S2I_ASN1_SKEY_ID 114


@ -250,6 +250,7 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
int X509V3_add_value(char *name, char *value, STACK **extlist); int X509V3_add_value(char *name, char *value, STACK **extlist);
int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist); int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist);
int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist); int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist);
char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
int X509V3_EXT_add(X509V3_EXT_METHOD *ext); int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
int X509V3_EXT_add_alias(int nid_to, int nid_from); int X509V3_EXT_add_alias(int nid_to, int nid_from);
void X509V3_EXT_cleanup(void); void X509V3_EXT_cleanup(void);
@ -315,6 +316,7 @@ int X509V3_get_value_int();
int X509V3_add_value(); int X509V3_add_value();
int X509V3_add_value_bool(); int X509V3_add_value_bool();
int X509V3_add_value_int(); int X509V3_add_value_int();
char *i2s_ASN1_INTEGER();
int X509V3_EXT_add(); int X509V3_EXT_add();
int X509V3_EXT_add_alias(); int X509V3_EXT_add_alias();
void X509V3_EXT_cleanup(); void X509V3_EXT_cleanup();
@ -338,6 +340,7 @@ int X509V3_EXT_print_fp();
/* Function codes. */ /* Function codes. */
#define X509V3_F_HEX_TO_STRING 111 #define X509V3_F_HEX_TO_STRING 111
#define X509V3_F_I2S_ASN1_INTEGER 120
#define X509V3_F_S2I_ASN1_IA5STRING 100 #define X509V3_F_S2I_ASN1_IA5STRING 100
#define X509V3_F_S2I_ASN1_OCTET_STRING 112 #define X509V3_F_S2I_ASN1_OCTET_STRING 112
#define X509V3_F_S2I_ASN1_SKEY_ID 114 #define X509V3_F_S2I_ASN1_SKEY_ID 114