Hi,
I've converted crypto-utils.lib to use Math::BigInt.
Michael, could you check the following patch to see if I'm proceeding correctly?
In particular, I'm not sure whether we should use an absolute compare when
comparing $max and the getSerial() value?
Best wishes
--
Alexei Chetroi
Smile... Tomorrow will be worse. (c) Murphy's Law
diff -ruN openca-0.9.2.2.orig/src/common/lib/functions/crypto-utils.lib
openca-0.9.2.2/src/common/lib/functions/crypto-utils.lib
--- openca-0.9.2.2.orig/src/common/lib/functions/crypto-utils.lib
2005-03-24 12:18:38.000000000 +0200
+++ openca-0.9.2.2/src/common/lib/functions/crypto-utils.lib 2005-03-24
16:12:12.000000000 +0200
@@ -19,6 +19,7 @@
use strict;
use Locale::Messages (':libintl_h');
+use Math::BigInt lib => 'GMP';
##
## following you can find the defined errorcodes of this library
@@ -344,7 +345,8 @@
## if defined and (Y|ON) then SUSPENDED will be interpreted like REVOKED
my @index = ();
- my $max = 0;
+ my $max = Math::BigInt->new('0');
+ my $serial;
my @list;
## all entries are hashes with the following format
## STATUS V,E,R
@@ -362,12 +364,13 @@
$hash {STATUS} = "V";
$hash {DATE_1} = $cryptoShell->getOpenSSLDate ($value->getParsed
()->{NOTBEFORE});
$hash {DATE_2} = "";
- $hash {SERIAL} = sprintf ("%lX", $value->getSerial());
+ $serial = Math::BigInt->new ($value->getSerial());
+ $hash {SERIAL} = substr ($serial->as_hex(), 2);
$hash {SERIAL} = "0".$hash {SERIAL} if (length ($hash {SERIAL}) % 2);
$hash {DN} = $value->getParsed ()->{OPENSSL_SUBJECT};
print addPreLogLine (i18nGettext ("VALID_CA_CERTIFICATE: __CERT_SERIAL__",
"__CERT_SERIAL__", $hash{SERIAL}));
- $index [$value->getSerial()] = \%hash;
- $max = $value->getSerial() if ($value->getSerial() > $max);
+ $index ["$value->getSerial()"] = \%hash;
+ $max = $serial->copy() if ($serial->bacmp($max));
}
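Review bot: The new subscript `"$value->getSerial()"` does not call the method: inside double quotes Perl interpolates only `$value` and leaves `->getSerial()` as literal text, so the string most likely numifies to 0 and every entry overwrites `$index[0]`. The `$max` update is also wrong, because `bacmp` returns -1, 0 or 1 and the bare condition is true whenever the two serials differ, not only when the new one is larger; the test should be `if ($serial->bcmp($max) > 0)`. For the index, a hash keyed by the decimal string, e.g. `$index{$serial->bstr()} = \%hash;`, avoids both the interpolation problem and a huge sparse array, though the code that later walks `@index` is outside this hunk and would have to follow. The same two lines recur in the hunks at -377, -392, -407, -426 and -454. As written, the rebuilt index would probably lose entries and the next-serial value could end up lower than a serial already issued.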
## get all expired_ca_certificates
@@ -377,12 +380,13 @@
$hash {STATUS} = "E";
$hash {DATE_1} = $cryptoShell->getOpenSSLDate ($value->getParsed
()->{NOTBEFORE});
$hash {DATE_2} = "";
- $hash {SERIAL} = sprintf ("%lX", $value->getSerial());
+ $serial = Math::BigInt->new ($value->getSerial());
+ $hash {SERIAL} = substr ($serial->as_hex(), 2);
$hash {SERIAL} = "0".$hash {SERIAL} if (length ($hash {SERIAL}) % 2);
$hash {DN} = $value->getParsed ()->{OPENSSL_SUBJECT};
print addPreLogLine (i18nGettext ("EXPIRED_CA_CERTIFICATE:
__CERT_SERIAL__", "__CERT_SERIAL__", $hash{SERIAL}));
- $index [$value->getSerial()] = \%hash;
- $max = $value->getSerial() if ($value->getSerial() > $max);
+ $index ["$value->getSerial()"] = \%hash;
+ $max = $serial->copy() if ($serial->bacmp($max));
}
## get all valid_certificates
@@ -392,12 +396,13 @@
$hash {STATUS} = "V";
$hash {DATE_1} = $cryptoShell->getOpenSSLDate ($value->getParsed
()->{NOTBEFORE});
$hash {DATE_2} = "";
- $hash {SERIAL} = sprintf ("%lX", $value->getSerial());
+ $serial = Math::BigInt->new ($value->getSerial());
+ $hash {SERIAL} = substr ($serial->as_hex(), 2);
$hash {SERIAL} = "0".$hash {SERIAL} if (length ($hash {SERIAL}) % 2);
$hash {DN} = $value->getParsed ()->{OPENSSL_SUBJECT};
print addPreLogLine (i18nGettext ("VALID_CERTIFICATE: __CERT_SERIAL__",
"__CERT_SERIAL__", $hash{SERIAL}));
- $index [$value->getSerial()] = \%hash;
- $max = $value->getSerial() if ($value->getSerial() > $max);
+ $index ["$value->getSerial()"] = \%hash;
+ $max = $serial->copy() if ($serial->bacmp($max));
}
## get all expired_certificates
@@ -407,12 +412,13 @@
$hash {STATUS} = "E";
$hash {DATE_1} = $cryptoShell->getOpenSSLDate ($value->getParsed
()->{NOTBEFORE});
$hash {DATE_2} = "";
- $hash {SERIAL} = sprintf ("%lX", $value->getSerial());
+ $serial = Math::BigInt->new ($value->getSerial());
+ $hash {SERIAL} = substr ($serial->as_hex(), 2);
$hash {SERIAL} = "0".$hash {SERIAL} if (length ($hash {SERIAL}) % 2);
$hash {DN} = $value->getParsed ()->{OPENSSL_SUBJECT};
print addPreLogLine (i18nGettext ("EXPIRED_CERTIFICATE: __CERT_SERIAL__",
"__CERT_SERIAL__", $hash{SERIAL}));
- $index [$value->getSerial()] = \%hash;
- $max = $value->getSerial() if ($value->getSerial() > $max);
+ $index ["$value->getSerial()"] = \%hash;
+ $max = $serial->copy() if ($serial->bacmp($max));
}
## get all suspended_certificates
@@ -426,12 +432,13 @@
}
$hash {DATE_1} = $cryptoShell->getOpenSSLDate ($value->getParsed
()->{NOTBEFORE});
$hash {DATE_2} = "";
- $hash {SERIAL} = sprintf ("%lX", $value->getSerial());
+ $serial = Math::BigInt->new ($value->getSerial());
+ $hash {SERIAL} = substr ($serial->as_hex(), 2);
$hash {SERIAL} = "0".$hash {SERIAL} if (length ($hash {SERIAL}) % 2);
$hash {DN} = $value->getParsed ()->{OPENSSL_SUBJECT};
print addPreLogLine (i18nGettext ("SUSPENDED_CERTIFICATE:
__CERT_SERIAL__", "__CERT_SERIAL__", $hash{SERIAL}));
- $index [$value->getSerial()] = \%hash;
- $max = $value->getSerial() if ($value->getSerial() > $max);
+ $index ["$value->getSerial()"] = \%hash;
+ $max = $serial->copy() if ($serial->bacmp($max));
}
## get all revoked_certificates
@@ -440,7 +447,8 @@
my %hash;
$hash {STATUS} = "R";
$hash {DATE_1} = $cryptoShell->getOpenSSLDate ($value->getParsed
()->{NOTBEFORE});
- $hash {SERIAL} = sprintf ("%lX", $value->getSerial());
+ $serial = Math::BigInt->new ($value->getSerial());
+ $hash {SERIAL} = substr ($serial->as_hex(), 2);
$hash {SERIAL} = "0".$hash {SERIAL} if (length ($hash {SERIAL}) % 2);
$hash {DN} = $value->getParsed ()->{OPENSSL_SUBJECT};
my @result = $db->searchItems ( DATATYPE => "ARCHIVED_CRR",
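Review bot: `as_hex()` returns lowercase digits, whereas the `sprintf ("%lX", ...)` it replaces produced uppercase, so `$hash {SERIAL}` changes case for every serial that contains a-f. If the rebuilt index is later matched against serials as plain strings (OpenSSL writes them in uppercase), lookups of existing entries could fail; that consumer is not visible here, so this needs confirming. Wrapping the conversion keeps the old format: `$hash {SERIAL} = uc (substr ($serial->as_hex(), 2));`. The same applies to every hunk that makes this conversion and to `$smax` in the -501 hunk. `Math::BigInt->new` also returns NaN for input it cannot parse, so a check such as `return undef if $serial->is_nan();` before the conversion would stop a malformed serial from reaching the index.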
@@ -454,8 +462,8 @@
}
}
print addPreLogLine (i18nGettext ("REVOKED_CERTIFICATE: __CERT_SERIAL__",
"__CERT_SERIAL__", $hash{SERIAL}));
- $index [$value->getSerial()] = \%hash;
- $max = $value->getSerial() if ($value->getSerial() > $max);
+ $index ["$value->getSerial()"] = \%hash;
+ $max = $serial->copy() if ($serial->bacmp($max));
}
print closeLogSection ();
@@ -501,12 +509,12 @@
"__FILE__", $keys->{DB});
return undef;
}
- $max++;
- $max = sprintf ("%lX", $max);
- $max = "0".$max if (length ($max) % 2);
- print FD $max;
+ $max->binc();
+ my $smax = substr ($max->as_hex(), 2);
+ $smax = "0".$smax if (length ($smax) % 2);
+ print FD $smax;
close(FD);
- print addLogLine (gettext($max));
+ print addLogLine (gettext($smax));
print closeLogSection ();
}
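Review bot: The results of `print FD $smax` and `close(FD)` are not checked, so a failed or short write leaves the serial file stale or empty while the function still logs the new value as if it had been stored. This file presumably seeds the next certificate serial, so a silent failure here risks serial reuse; `close(FD) or return undef;`, with the library's usual error code set first, would surface it. The open of FD and the rest of the function are outside the hunk.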
diff -ruN openca-0.9.2.2.orig/src/modules/openca-openssl/OpenSSL.xs
openca-0.9.2.2/src/modules/openca-openssl/OpenSSL.xs
--- openca-0.9.2.2.orig/src/modules/openca-openssl/OpenSSL.xs 2005-03-24
12:18:38.000000000 +0200
+++ openca-0.9.2.2/src/modules/openca-openssl/OpenSSL.xs 2005-03-24
16:13:07.000000000 +0200
@@ -70,15 +70,11 @@
# We do not really support serials that don't fit in one int
-int
+char *
serial(cert)
OpenCA_OpenSSL_X509 cert
- PREINIT:
- char * stringval;
CODE:
- stringval = i2s_ASN1_INTEGER(NULL,X509_get_serialNumber(cert));
- RETVAL = atoi(stringval);
- free(stringval);
+ RETVAL = i2s_ASN1_INTEGER(NULL,X509_get_serialNumber(cert));
OUTPUT:
RETVAL
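Review bot: The string returned by `i2s_ASN1_INTEGER` is heap-allocated and the new code never releases it; the old version freed `stringval`, so every call to `serial` now leaks. Add a `CLEANUP:` section with `OPENSSL_free(RETVAL);` after `OUTPUT:` so the buffer is released once the value has been copied into the return SV. The comment `# We do not really support serials that don't fit in one int` above the function is also stale after this change and should say that the serial is now returned as a string.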