In UI_dup_*() function, use the duped string, not the original.
[openssl.git] / apps / apps.c
1 /* apps/apps.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #include <sys/types.h>
63 #include <sys/stat.h>
64 #define NON_MAIN
65 #include "apps.h"
66 #undef NON_MAIN
67 #include <openssl/err.h>
68 #include <openssl/x509.h>
69 #include <openssl/x509v3.h>
70 #include <openssl/pem.h>
71 #include <openssl/pkcs12.h>
72 #include <openssl/ui.h>
73 #include <openssl/safestack.h>
74
75 #ifdef OPENSSL_SYS_WINDOWS
76 #define strcasecmp _stricmp
77 #else
78 #include <strings.h>
79 #endif
80
81 #ifdef OPENSSL_SYS_WINDOWS
82 #  include "bss_file.c"
83 #endif
84
85 typedef struct {
86         char *name;
87         unsigned long flag;
88         unsigned long mask;
89 } NAME_EX_TBL;
90
91 static UI_METHOD *ui_method = NULL;
92
93 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
94 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
95
96 int app_init(long mesgwin);
97 #ifdef undef /* never finished - probably never will be :-) */
98 int args_from_file(char *file, int *argc, char **argv[])
99         {
100         FILE *fp;
101         int num,i;
102         unsigned int len;
103         static char *buf=NULL;
104         static char **arg=NULL;
105         char *p;
106         struct stat stbuf;
107
108         if (stat(file,&stbuf) < 0) return(0);
109
110         fp=fopen(file,"r");
111         if (fp == NULL)
112                 return(0);
113
114         *argc=0;
115         *argv=NULL;
116
117         len=(unsigned int)stbuf.st_size;
118         if (buf != NULL) OPENSSL_free(buf);
119         buf=(char *)OPENSSL_malloc(len+1);
120         if (buf == NULL) return(0);
121
122         len=fread(buf,1,len,fp);
123         if (len <= 1) return(0);
124         buf[len]='\0';
125
126         i=0;
127         for (p=buf; *p; p++)
128                 if (*p == '\n') i++;
129         if (arg != NULL) OPENSSL_free(arg);
130         arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
131
132         *argv=arg;
133         num=0;
134         p=buf;
135         for (;;)
136                 {
137                 if (!*p) break;
138                 if (*p == '#') /* comment line */
139                         {
140                         while (*p && (*p != '\n')) p++;
141                         continue;
142                         }
143                 /* else we have a line */
144                 *(arg++)=p;
145                 num++;
146                 while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
147                         p++;
148                 if (!*p) break;
149                 if (*p == '\n')
150                         {
151                         *(p++)='\0';
152                         continue;
153                         }
154                 /* else it is a tab or space */
155                 p++;
156                 while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
157                         p++;
158                 if (!*p) break;
159                 if (*p == '\n')
160                         {
161                         p++;
162                         continue;
163                         }
164                 *(arg++)=p++;
165                 num++;
166                 while (*p && (*p != '\n')) p++;
167                 if (!*p) break;
168                 /* else *p == '\n' */
169                 *(p++)='\0';
170                 }
171         *argc=num;
172         return(1);
173         }
174 #endif
175
176 int str2fmt(char *s)
177         {
178         if      ((*s == 'D') || (*s == 'd'))
179                 return(FORMAT_ASN1);
180         else if ((*s == 'T') || (*s == 't'))
181                 return(FORMAT_TEXT);
182         else if ((*s == 'P') || (*s == 'p'))
183                 return(FORMAT_PEM);
184         else if ((*s == 'N') || (*s == 'n'))
185                 return(FORMAT_NETSCAPE);
186         else if ((*s == 'S') || (*s == 's'))
187                 return(FORMAT_SMIME);
188         else if ((*s == '1')
189                 || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
190                 || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
191                 return(FORMAT_PKCS12);
192         else if ((*s == 'E') || (*s == 'e'))
193                 return(FORMAT_ENGINE);
194         else
195                 return(FORMAT_UNDEF);
196         }
197
198 #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
199 void program_name(char *in, char *out, int size)
200         {
201         int i,n;
202         char *p=NULL;
203
204         n=strlen(in);
205         /* find the last '/', '\' or ':' */
206         for (i=n-1; i>0; i--)
207                 {
208                 if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
209                         {
210                         p= &(in[i+1]);
211                         break;
212                         }
213                 }
214         if (p == NULL)
215                 p=in;
216         n=strlen(p);
217         /* strip off trailing .exe if present. */
218         if ((n > 4) && (p[n-4] == '.') &&
219                 ((p[n-3] == 'e') || (p[n-3] == 'E')) &&
220                 ((p[n-2] == 'x') || (p[n-2] == 'X')) &&
221                 ((p[n-1] == 'e') || (p[n-1] == 'E')))
222                 n-=4;
223         if (n > size-1)
224                 n=size-1;
225
226         for (i=0; i<n; i++)
227                 {
228                 if ((p[i] >= 'A') && (p[i] <= 'Z'))
229                         out[i]=p[i]-'A'+'a';
230                 else
231                         out[i]=p[i];
232                 }
233         out[n]='\0';
234         }
235 #else
236 #ifdef OPENSSL_SYS_VMS
237 void program_name(char *in, char *out, int size)
238         {
239         char *p=in, *q;
240         char *chars=":]>";
241
242         while(*chars != '\0')
243                 {
244                 q=strrchr(p,*chars);
245                 if (q > p)
246                         p = q + 1;
247                 chars++;
248                 }
249
250         q=strrchr(p,'.');
251         if (q == NULL)
252                 q = in+size;
253         strncpy(out,p,q-p);
254         out[q-p]='\0';
255         }
256 #else
257 void program_name(char *in, char *out, int size)
258         {
259         char *p;
260
261         p=strrchr(in,'/');
262         if (p != NULL)
263                 p++;
264         else
265                 p=in;
266         strncpy(out,p,size-1);
267         out[size-1]='\0';
268         }
269 #endif
270 #endif
271
272 #ifdef OPENSSL_SYS_WIN32
273 int WIN32_rename(char *from, char *to)
274         {
275 #ifdef OPENSSL_SYS_WINNT
276         int ret;
277 /* Note: MoveFileEx() doesn't work under Win95, Win98 */
278
279         ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
280         return(ret?0:-1);
281 #else
282         unlink(to);
283         return MoveFile(from, to);
284 #endif
285         }
286 #endif
287
288 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
289         {
290         int num,len,i;
291         char *p;
292
293         *argc=0;
294         *argv=NULL;
295
296         len=strlen(buf);
297         i=0;
298         if (arg->count == 0)
299                 {
300                 arg->count=20;
301                 arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
302                 }
303         for (i=0; i<arg->count; i++)
304                 arg->data[i]=NULL;
305
306         num=0;
307         p=buf;
308         for (;;)
309                 {
310                 /* first scan over white space */
311                 if (!*p) break;
312                 while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
313                         p++;
314                 if (!*p) break;
315
316                 /* The start of something good :-) */
317                 if (num >= arg->count)
318                         {
319                         arg->count+=20;
320                         arg->data=(char **)OPENSSL_realloc(arg->data,
321                                 sizeof(char *)*arg->count);
322                         if (argc == 0) return(0);
323                         }
324                 arg->data[num++]=p;
325
326                 /* now look for the end of this */
327                 if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
328                         {
329                         i= *(p++);
330                         arg->data[num-1]++; /* jump over quote */
331                         while (*p && (*p != i))
332                                 p++;
333                         *p='\0';
334                         }
335                 else
336                         {
337                         while (*p && ((*p != ' ') &&
338                                 (*p != '\t') && (*p != '\n')))
339                                 p++;
340
341                         if (*p == '\0')
342                                 p--;
343                         else
344                                 *p='\0';
345                         }
346                 p++;
347                 }
348         *argc=num;
349         *argv=arg->data;
350         return(1);
351         }
352
353 #ifndef APP_INIT
354 int app_init(long mesgwin)
355         {
356         return(1);
357         }
358 #endif
359
360
361 int dump_cert_text (BIO *out, X509 *x)
362 {
363         char buf[256];
364         X509_NAME_oneline(X509_get_subject_name(x),buf,256);
365         BIO_puts(out,"subject=");
366         BIO_puts(out,buf);
367
368         X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
369         BIO_puts(out,"\nissuer= ");
370         BIO_puts(out,buf);
371         BIO_puts(out,"\n");
372         return 0;
373 }
374
375 static int ui_open(UI *ui)
376         {
377         return UI_method_get_opener(UI_OpenSSL())(ui);
378         }
379 static int ui_read(UI *ui, UI_STRING *uis)
380         {
381         if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
382                 && UI_get0_user_data(ui))
383                 {
384                 switch(UI_get_string_type(uis))
385                         {
386                 case UIT_PROMPT:
387                 case UIT_VERIFY:
388                         {
389                         const char *password =
390                                 ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
391                         if (password[0] != '\0')
392                                 {
393                                 UI_set_result(uis, password);
394                                 return 1;
395                                 }
396                         }
397                 default:
398                         break;
399                         }
400                 }
401         return UI_method_get_reader(UI_OpenSSL())(ui, uis);
402         }
403 static int ui_write(UI *ui, UI_STRING *uis)
404         {
405         if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
406                 && UI_get0_user_data(ui))
407                 {
408                 switch(UI_get_string_type(uis))
409                         {
410                 case UIT_PROMPT:
411                 case UIT_VERIFY:
412                         {
413                         const char *password =
414                                 ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
415                         if (password[0] != '\0')
416                                 return 1;
417                         }
418                 default:
419                         break;
420                         }
421                 }
422         return UI_method_get_writer(UI_OpenSSL())(ui, uis);
423         }
424 static int ui_close(UI *ui)
425         {
426         return UI_method_get_closer(UI_OpenSSL())(ui);
427         }
428 int setup_ui_method()
429         {
430         ui_method = UI_create_method("OpenSSL application user interface");
431         UI_method_set_opener(ui_method, ui_open);
432         UI_method_set_reader(ui_method, ui_read);
433         UI_method_set_writer(ui_method, ui_write);
434         UI_method_set_closer(ui_method, ui_close);
435         return 0;
436         }
437 int password_callback(char *buf, int bufsiz, int verify,
438         PW_CB_DATA *cb_tmp)
439         {
440         UI *ui = NULL;
441         int res = 0;
442         const char *prompt_info = NULL;
443         const char *password = NULL;
444         PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
445
446         if (cb_data)
447                 {
448                 if (cb_data->password)
449                         password = cb_data->password;
450                 if (cb_data->prompt_info)
451                         prompt_info = cb_data->prompt_info;
452                 }
453
454         ui = UI_new_method(ui_method);
455         if (ui)
456                 {
457                 char errstring[80];
458                 int errstring_added = 0;
459                 int ok = 0;
460                 char *buff = NULL;
461                 int ui_flags = 0;
462                 char *prompt = NULL;
463
464                 prompt = UI_construct_prompt(ui, "pass phrase",
465                         cb_data->prompt_info);
466
467                 ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
468
469                 if (ok >= 0)
470                         ok = UI_add_input_string(ui,prompt,ui_flags,buf,0,BUFSIZ-1);
471                 if (ok >= 0 && verify)
472                         {
473                         buff = (char *)OPENSSL_malloc(bufsiz);
474                         ok = UI_add_verify_string(ui,prompt,ui_flags,buff,0,BUFSIZ-1,
475                                 buf);
476                         }
477                 if (ok >= 0)
478                         for(;;)
479                                 {
480                                 res = 0;
481                                 ok=UI_process(ui);
482                                 if (ok < 0)
483                                         break;
484                                 res=strlen(buf);
485                                 if (res < PW_MIN_LENGTH)
486                                         {
487                                         if (errstring_added == 0)
488                                                 {
489                                                 BIO_snprintf(errstring,
490                                                         sizeof(errstring),
491 "phrase is too short, needs to be at least %d chars\n", PW_MIN_LENGTH);
492                                                 UI_add_error_string(ui,
493                                                         errstring);
494                                                 }
495                                         errstring_added = 1;
496                                         }
497                                 else
498                                         break;
499                                 }
500                 if (buff)
501                         {
502                         memset(buf,0,(unsigned int)bufsiz);
503                         OPENSSL_free(buff);
504                         }
505
506                 if (ok == -1)
507                         {
508                         BIO_printf(bio_err, "User interface error\n");
509                         ERR_print_errors(bio_err);
510                         memset(buf,0,(unsigned int)bufsiz);
511                         res = 0;
512                         }
513                 if (ok == -2)
514                         {
515                         BIO_printf(bio_err,"aborted!\n");
516                         memset(buf,0,(unsigned int)bufsiz);
517                         res = 0;
518                         }
519                 UI_free(ui);
520                 }
521         return res;
522         }
523
524 static char *app_get_pass(BIO *err, char *arg, int keepbio);
525
526 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
527 {
528         int same;
529         if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
530         else same = 1;
531         if(arg1) {
532                 *pass1 = app_get_pass(err, arg1, same);
533                 if(!*pass1) return 0;
534         } else if(pass1) *pass1 = NULL;
535         if(arg2) {
536                 *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
537                 if(!*pass2) return 0;
538         } else if(pass2) *pass2 = NULL;
539         return 1;
540 }
541
542 static char *app_get_pass(BIO *err, char *arg, int keepbio)
543 {
544         char *tmp, tpass[APP_PASS_LEN];
545         static BIO *pwdbio = NULL;
546         int i;
547         if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
548         if(!strncmp(arg, "env:", 4)) {
549                 tmp = getenv(arg + 4);
550                 if(!tmp) {
551                         BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
552                         return NULL;
553                 }
554                 return BUF_strdup(tmp);
555         }
556         if(!keepbio || !pwdbio) {
557                 if(!strncmp(arg, "file:", 5)) {
558                         pwdbio = BIO_new_file(arg + 5, "r");
559                         if(!pwdbio) {
560                                 BIO_printf(err, "Can't open file %s\n", arg + 5);
561                                 return NULL;
562                         }
563                 } else if(!strncmp(arg, "fd:", 3)) {
564                         BIO *btmp;
565                         i = atoi(arg + 3);
566                         if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
567                         if((i < 0) || !pwdbio) {
568                                 BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
569                                 return NULL;
570                         }
571                         /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
572                         btmp = BIO_new(BIO_f_buffer());
573                         pwdbio = BIO_push(btmp, pwdbio);
574                 } else if(!strcmp(arg, "stdin")) {
575                         pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
576                         if(!pwdbio) {
577                                 BIO_printf(err, "Can't open BIO for stdin\n");
578                                 return NULL;
579                         }
580                 } else {
581                         BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
582                         return NULL;
583                 }
584         }
585         i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
586         if(keepbio != 1) {
587                 BIO_free_all(pwdbio);
588                 pwdbio = NULL;
589         }
590         if(i <= 0) {
591                 BIO_printf(err, "Error reading password from BIO\n");
592                 return NULL;
593         }
594         tmp = strchr(tpass, '\n');
595         if(tmp) *tmp = 0;
596         return BUF_strdup(tpass);
597 }
598
599 int add_oid_section(BIO *err, LHASH *conf)
600 {       
601         char *p;
602         STACK_OF(CONF_VALUE) *sktmp;
603         CONF_VALUE *cnf;
604         int i;
605         if(!(p=CONF_get_string(conf,NULL,"oid_section")))
606                 {
607                 ERR_clear_error();
608                 return 1;
609                 }
610         if(!(sktmp = CONF_get_section(conf, p))) {
611                 BIO_printf(err, "problem loading oid section %s\n", p);
612                 return 0;
613         }
614         for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
615                 cnf = sk_CONF_VALUE_value(sktmp, i);
616                 if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
617                         BIO_printf(err, "problem creating object %s=%s\n",
618                                                          cnf->name, cnf->value);
619                         return 0;
620                 }
621         }
622         return 1;
623 }
624
625 X509 *load_cert(BIO *err, const char *file, int format,
626         const char *pass, ENGINE *e, const char *cert_descrip)
627         {
628         ASN1_HEADER *ah=NULL;
629         BUF_MEM *buf=NULL;
630         X509 *x=NULL;
631         BIO *cert;
632
633         if ((cert=BIO_new(BIO_s_file())) == NULL)
634                 {
635                 ERR_print_errors(err);
636                 goto end;
637                 }
638
639         if (file == NULL)
640                 {
641                 setvbuf(stdin, NULL, _IONBF, 0);
642                 BIO_set_fp(cert,stdin,BIO_NOCLOSE);
643                 }
644         else
645                 {
646                 if (BIO_read_filename(cert,file) <= 0)
647                         {
648                         BIO_printf(err, "Error opening %s %s\n",
649                                 cert_descrip, file);
650                         ERR_print_errors(err);
651                         goto end;
652                         }
653                 }
654
655         if      (format == FORMAT_ASN1)
656                 x=d2i_X509_bio(cert,NULL);
657         else if (format == FORMAT_NETSCAPE)
658                 {
659                 unsigned char *p,*op;
660                 int size=0,i;
661
662                 /* We sort of have to do it this way because it is sort of nice
663                  * to read the header first and check it, then
664                  * try to read the certificate */
665                 buf=BUF_MEM_new();
666                 for (;;)
667                         {
668                         if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
669                                 goto end;
670                         i=BIO_read(cert,&(buf->data[size]),1024*10);
671                         size+=i;
672                         if (i == 0) break;
673                         if (i < 0)
674                                 {
675                                 perror("reading certificate");
676                                 goto end;
677                                 }
678                         }
679                 p=(unsigned char *)buf->data;
680                 op=p;
681
682                 /* First load the header */
683                 if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
684                         goto end;
685                 if ((ah->header == NULL) || (ah->header->data == NULL) ||
686                         (strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
687                         ah->header->length) != 0))
688                         {
689                         BIO_printf(err,"Error reading header on certificate\n");
690                         goto end;
691                         }
692                 /* header is ok, so now read the object */
693                 p=op;
694                 ah->meth=X509_asn1_meth();
695                 if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
696                         goto end;
697                 x=(X509 *)ah->data;
698                 ah->data=NULL;
699                 }
700         else if (format == FORMAT_PEM)
701                 x=PEM_read_bio_X509_AUX(cert,NULL,
702                         (pem_password_cb *)password_callback, NULL);
703         else if (format == FORMAT_PKCS12)
704                 {
705                 PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
706
707                 PKCS12_parse(p12, NULL, NULL, &x, NULL);
708                 PKCS12_free(p12);
709                 p12 = NULL;
710                 }
711         else    {
712                 BIO_printf(err,"bad input format specified for %s\n",
713                         cert_descrip);
714                 goto end;
715                 }
716 end:
717         if (x == NULL)
718                 {
719                 BIO_printf(err,"unable to load certificate\n");
720                 ERR_print_errors(err);
721                 }
722         if (ah != NULL) ASN1_HEADER_free(ah);
723         if (cert != NULL) BIO_free(cert);
724         if (buf != NULL) BUF_MEM_free(buf);
725         return(x);
726         }
727
728 EVP_PKEY *load_key(BIO *err, const char *file, int format,
729         const char *pass, ENGINE *e, const char *key_descrip)
730         {
731         BIO *key=NULL;
732         EVP_PKEY *pkey=NULL;
733         PW_CB_DATA cb_data;
734
735         cb_data.password = pass;
736         cb_data.prompt_info = file;
737
738         if (file == NULL)
739                 {
740                 BIO_printf(err,"no keyfile specified\n");
741                 goto end;
742                 }
743         if (format == FORMAT_ENGINE)
744                 {
745                 if (!e)
746                         BIO_printf(bio_err,"no engine specified\n");
747                 else
748                         pkey = ENGINE_load_private_key(e, file,
749                                 ui_method, &cb_data);
750                 goto end;
751                 }
752         key=BIO_new(BIO_s_file());
753         if (key == NULL)
754                 {
755                 ERR_print_errors(err);
756                 goto end;
757                 }
758         if (BIO_read_filename(key,file) <= 0)
759                 {
760                 BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
761                 ERR_print_errors(err);
762                 goto end;
763                 }
764         if (format == FORMAT_ASN1)
765                 {
766                 pkey=d2i_PrivateKey_bio(key, NULL);
767                 }
768         else if (format == FORMAT_PEM)
769                 {
770                 pkey=PEM_read_bio_PrivateKey(key,NULL,
771                         (pem_password_cb *)password_callback, &cb_data);
772                 }
773         else if (format == FORMAT_PKCS12)
774                 {
775                 PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
776
777                 PKCS12_parse(p12, pass, &pkey, NULL, NULL);
778                 PKCS12_free(p12);
779                 p12 = NULL;
780                 }
781         else
782                 {
783                 BIO_printf(err,"bad input format specified for key file\n");
784                 goto end;
785                 }
786  end:
787         if (key != NULL) BIO_free(key);
788         if (pkey == NULL)
789                 BIO_printf(err,"unable to load %s\n", key_descrip);
790         return(pkey);
791         }
792
793 EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
794         const char *pass, ENGINE *e, const char *key_descrip)
795         {
796         BIO *key=NULL;
797         EVP_PKEY *pkey=NULL;
798         PW_CB_DATA cb_data;
799
800         cb_data.password = pass;
801         cb_data.prompt_info = file;
802
803         if (file == NULL)
804                 {
805                 BIO_printf(err,"no keyfile specified\n");
806                 goto end;
807                 }
808         if (format == FORMAT_ENGINE)
809                 {
810                 if (!e)
811                         BIO_printf(bio_err,"no engine specified\n");
812                 else
813                         pkey = ENGINE_load_public_key(e, file,
814                                 ui_method, &cb_data);
815                 goto end;
816                 }
817         key=BIO_new(BIO_s_file());
818         if (key == NULL)
819                 {
820                 ERR_print_errors(err);
821                 goto end;
822                 }
823         if (BIO_read_filename(key,file) <= 0)
824                 {
825                 BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
826                 ERR_print_errors(err);
827                 goto end;
828                 }
829         if (format == FORMAT_ASN1)
830                 {
831                 pkey=d2i_PUBKEY_bio(key, NULL);
832                 }
833         else if (format == FORMAT_PEM)
834                 {
835                 pkey=PEM_read_bio_PUBKEY(key,NULL,
836                         (pem_password_cb *)password_callback, &cb_data);
837                 }
838         else
839                 {
840                 BIO_printf(err,"bad input format specified for key file\n");
841                 goto end;
842                 }
843  end:
844         if (key != NULL) BIO_free(key);
845         if (pkey == NULL)
846                 BIO_printf(err,"unable to load %s\n", key_descrip);
847         return(pkey);
848         }
849
850 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
851         const char *pass, ENGINE *e, const char *cert_descrip)
852         {
853         BIO *certs;
854         int i;
855         STACK_OF(X509) *othercerts = NULL;
856         STACK_OF(X509_INFO) *allcerts = NULL;
857         X509_INFO *xi;
858         PW_CB_DATA cb_data;
859
860         cb_data.password = pass;
861         cb_data.prompt_info = file;
862
863         if((certs = BIO_new(BIO_s_file())) == NULL)
864                 {
865                 ERR_print_errors(err);
866                 goto end;
867                 }
868
869         if (file == NULL)
870                 BIO_set_fp(certs,stdin,BIO_NOCLOSE);
871         else
872                 {
873                 if (BIO_read_filename(certs,file) <= 0)
874                         {
875                         BIO_printf(err, "Error opening %s %s\n",
876                                 cert_descrip, file);
877                         ERR_print_errors(err);
878                         goto end;
879                         }
880                 }
881
882         if      (format == FORMAT_PEM)
883                 {
884                 othercerts = sk_X509_new_null();
885                 if(!othercerts)
886                         {
887                         sk_X509_free(othercerts);
888                         othercerts = NULL;
889                         goto end;
890                         }
891                 allcerts = PEM_X509_INFO_read_bio(certs, NULL,
892                                 (pem_password_cb *)password_callback, &cb_data);
893                 for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
894                         {
895                         xi = sk_X509_INFO_value (allcerts, i);
896                         if (xi->x509)
897                                 {
898                                 sk_X509_push(othercerts, xi->x509);
899                                 xi->x509 = NULL;
900                                 }
901                         }
902                 goto end;
903                 }
904         else    {
905                 BIO_printf(err,"bad input format specified for %s\n",
906                         cert_descrip);
907                 goto end;
908                 }
909 end:
910         if (othercerts == NULL)
911                 {
912                 BIO_printf(err,"unable to load certificates\n");
913                 ERR_print_errors(err);
914                 }
915         if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
916         if (certs != NULL) BIO_free(certs);
917         return(othercerts);
918         }
919
920
921 #define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
922 /* Return error for unknown extensions */
923 #define X509V3_EXT_DEFAULT              0
924 /* Print error for unknown extensions */
925 #define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
926 /* ASN1 parse unknown extensions */
927 #define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
928 /* BIO_dump unknown extensions */
929 #define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
930
931 #define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
932                          X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
933
934 int set_cert_ex(unsigned long *flags, const char *arg)
935 {
936         static const NAME_EX_TBL cert_tbl[] = {
937                 { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
938                 { "ca_default", X509_FLAG_CA, 0xffffffffl},
939                 { "no_header", X509_FLAG_NO_HEADER, 0},
940                 { "no_version", X509_FLAG_NO_VERSION, 0},
941                 { "no_serial", X509_FLAG_NO_SERIAL, 0},
942                 { "no_signame", X509_FLAG_NO_SIGNAME, 0},
943                 { "no_validity", X509_FLAG_NO_VALIDITY, 0},
944                 { "no_subject", X509_FLAG_NO_SUBJECT, 0},
945                 { "no_issuer", X509_FLAG_NO_ISSUER, 0},
946                 { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
947                 { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
948                 { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
949                 { "no_aux", X509_FLAG_NO_AUX, 0},
950                 { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
951                 { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
952                 { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
953                 { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
954                 { NULL, 0, 0}
955         };
956         return set_multi_opts(flags, arg, cert_tbl);
957 }
958
959 int set_name_ex(unsigned long *flags, const char *arg)
960 {
961         static const NAME_EX_TBL ex_tbl[] = {
962                 { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
963                 { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
964                 { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
965                 { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
966                 { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
967                 { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
968                 { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
969                 { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
970                 { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
971                 { "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
972                 { "compat", XN_FLAG_COMPAT, 0xffffffffL},
973                 { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
974                 { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
975                 { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
976                 { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
977                 { "dn_rev", XN_FLAG_DN_REV, 0},
978                 { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
979                 { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
980                 { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
981                 { "align", XN_FLAG_FN_ALIGN, 0},
982                 { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
983                 { "space_eq", XN_FLAG_SPC_EQ, 0},
984                 { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
985                 { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
986                 { "oneline", XN_FLAG_ONELINE, 0xffffffffL},
987                 { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
988                 { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
989                 { NULL, 0, 0}
990         };
991         return set_multi_opts(flags, arg, ex_tbl);
992 }
993
994 int set_ext_copy(int *copy_type, const char *arg)
995 {
996         if (!strcasecmp(arg, "none"))
997                 *copy_type = EXT_COPY_NONE;
998         else if (!strcasecmp(arg, "copy"))
999                 *copy_type = EXT_COPY_ADD;
1000         else if (!strcasecmp(arg, "copyall"))
1001                 *copy_type = EXT_COPY_ALL;
1002         else
1003                 return 0;
1004         return 1;
1005 }
1006
1007 int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
1008 {
1009         STACK_OF(X509_EXTENSION) *exts = NULL;
1010         X509_EXTENSION *ext, *tmpext;
1011         ASN1_OBJECT *obj;
1012         int i, idx, ret = 0;
1013         if (!x || !req || (copy_type == EXT_COPY_NONE))
1014                 return 1;
1015         exts = X509_REQ_get_extensions(req);
1016
1017         for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
1018                 ext = sk_X509_EXTENSION_value(exts, i);
1019                 obj = X509_EXTENSION_get_object(ext);
1020                 idx = X509_get_ext_by_OBJ(x, obj, -1);
1021                 /* Does extension exist? */
1022                 if (idx != -1) {
1023                         /* If normal copy don't override existing extension */
1024                         if (copy_type == EXT_COPY_ADD)
1025                                 continue;
1026                         /* Delete all extensions of same type */
1027                         do {
1028                                 tmpext = X509_get_ext(x, idx);
1029                                 X509_delete_ext(x, idx);
1030                                 X509_EXTENSION_free(tmpext);
1031                                 idx = X509_get_ext_by_OBJ(x, obj, -1);
1032                         } while (idx != -1);
1033                 }
1034                 if (!X509_add_ext(x, ext, -1))
1035                         goto end;
1036         }
1037
1038         ret = 1;
1039
1040         end:
1041
1042         sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
1043
1044         return ret;
1045 }
1046                 
1047                 
1048                         
1049
1050 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1051 {
1052         STACK_OF(CONF_VALUE) *vals;
1053         CONF_VALUE *val;
1054         int i, ret = 1;
1055         if(!arg) return 0;
1056         vals = X509V3_parse_list(arg);
1057         for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
1058                 val = sk_CONF_VALUE_value(vals, i);
1059                 if (!set_table_opts(flags, val->name, in_tbl))
1060                         ret = 0;
1061         }
1062         sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
1063         return ret;
1064 }
1065
1066 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1067 {
1068         char c;
1069         const NAME_EX_TBL *ptbl;
1070         c = arg[0];
1071
1072         if(c == '-') {
1073                 c = 0;
1074                 arg++;
1075         } else if (c == '+') {
1076                 c = 1;
1077                 arg++;
1078         } else c = 1;
1079
1080         for(ptbl = in_tbl; ptbl->name; ptbl++) {
1081                 if(!strcasecmp(arg, ptbl->name)) {
1082                         *flags &= ~ptbl->mask;
1083                         if(c) *flags |= ptbl->flag;
1084                         else *flags &= ~ptbl->flag;
1085                         return 1;
1086                 }
1087         }
1088         return 0;
1089 }
1090
1091 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
1092 {
1093         char buf[256];
1094         char mline = 0;
1095         int indent = 0;
1096         if(title) BIO_puts(out, title);
1097         if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
1098                 mline = 1;
1099                 indent = 4;
1100         }
1101         if(lflags == XN_FLAG_COMPAT) {
1102                 X509_NAME_oneline(nm,buf,256);
1103                 BIO_puts(out,buf);
1104                 BIO_puts(out, "\n");
1105         } else {
1106                 if(mline) BIO_puts(out, "\n");
1107                 X509_NAME_print_ex(out, nm, indent, lflags);
1108                 BIO_puts(out, "\n");
1109         }
1110 }
1111
1112 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
1113 {
1114         X509_STORE *store;
1115         X509_LOOKUP *lookup;
1116         if(!(store = X509_STORE_new())) goto end;
1117         lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
1118         if (lookup == NULL) goto end;
1119         if (CAfile) {
1120                 if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
1121                         BIO_printf(bp, "Error loading file %s\n", CAfile);
1122                         goto end;
1123                 }
1124         } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
1125                 
1126         lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
1127         if (lookup == NULL) goto end;
1128         if (CApath) {
1129                 if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
1130                         BIO_printf(bp, "Error loading directory %s\n", CApath);
1131                         goto end;
1132                 }
1133         } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
1134
1135         ERR_clear_error();
1136         return store;
1137         end:
1138         X509_STORE_free(store);
1139         return NULL;
1140 }
1141
1142 ENGINE *setup_engine(BIO *err, const char *engine, int debug)
1143         {
1144         ENGINE *e = NULL;
1145
1146         if (engine)
1147                 {
1148                 if((e = ENGINE_by_id(engine)) == NULL)
1149                         {
1150                         BIO_printf(err,"invalid engine \"%s\"\n", engine);
1151                         return NULL;
1152                         }
1153                 if (debug)
1154                         {
1155                         ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
1156                                 0, err, 0);
1157                         }
1158                 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
1159                 if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
1160                         {
1161                         BIO_printf(err,"can't use that engine\n");
1162                         return NULL;
1163                         }
1164                 BIO_printf(err,"engine \"%s\" set.\n", engine);
1165                 /* Free our "structural" reference. */
1166                 ENGINE_free(e);
1167                 }
1168         return e;
1169         }