Add copy_extensions option to 'ca' utility.
[openssl.git] / apps / apps.c
1 /* apps/apps.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #include <sys/types.h>
63 #include <sys/stat.h>
64 #define NON_MAIN
65 #include "apps.h"
66 #undef NON_MAIN
67 #include <openssl/err.h>
68 #include <openssl/x509.h>
69 #include <openssl/x509v3.h>
70 #include <openssl/pem.h>
71 #include <openssl/pkcs12.h>
72 #include <openssl/safestack.h>
73
74 #ifdef OPENSSL_SYS_WINDOWS
75 #define strcasecmp _stricmp
76 #else
77 #include <strings.h>
78 #endif
79
80 #ifdef OPENSSL_SYS_WINDOWS
81 #  include "bss_file.c"
82 #endif
83
84 typedef struct {
85         char *name;
86         unsigned long flag;
87         unsigned long mask;
88 } NAME_EX_TBL;
89
90 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
91 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
92
93 int app_init(long mesgwin);
94 #ifdef undef /* never finished - probably never will be :-) */
95 int args_from_file(char *file, int *argc, char **argv[])
96         {
97         FILE *fp;
98         int num,i;
99         unsigned int len;
100         static char *buf=NULL;
101         static char **arg=NULL;
102         char *p;
103         struct stat stbuf;
104
105         if (stat(file,&stbuf) < 0) return(0);
106
107         fp=fopen(file,"r");
108         if (fp == NULL)
109                 return(0);
110
111         *argc=0;
112         *argv=NULL;
113
114         len=(unsigned int)stbuf.st_size;
115         if (buf != NULL) OPENSSL_free(buf);
116         buf=(char *)OPENSSL_malloc(len+1);
117         if (buf == NULL) return(0);
118
119         len=fread(buf,1,len,fp);
120         if (len <= 1) return(0);
121         buf[len]='\0';
122
123         i=0;
124         for (p=buf; *p; p++)
125                 if (*p == '\n') i++;
126         if (arg != NULL) OPENSSL_free(arg);
127         arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
128
129         *argv=arg;
130         num=0;
131         p=buf;
132         for (;;)
133                 {
134                 if (!*p) break;
135                 if (*p == '#') /* comment line */
136                         {
137                         while (*p && (*p != '\n')) p++;
138                         continue;
139                         }
140                 /* else we have a line */
141                 *(arg++)=p;
142                 num++;
143                 while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
144                         p++;
145                 if (!*p) break;
146                 if (*p == '\n')
147                         {
148                         *(p++)='\0';
149                         continue;
150                         }
151                 /* else it is a tab or space */
152                 p++;
153                 while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
154                         p++;
155                 if (!*p) break;
156                 if (*p == '\n')
157                         {
158                         p++;
159                         continue;
160                         }
161                 *(arg++)=p++;
162                 num++;
163                 while (*p && (*p != '\n')) p++;
164                 if (!*p) break;
165                 /* else *p == '\n' */
166                 *(p++)='\0';
167                 }
168         *argc=num;
169         return(1);
170         }
171 #endif
172
173 int str2fmt(char *s)
174         {
175         if      ((*s == 'D') || (*s == 'd'))
176                 return(FORMAT_ASN1);
177         else if ((*s == 'T') || (*s == 't'))
178                 return(FORMAT_TEXT);
179         else if ((*s == 'P') || (*s == 'p'))
180                 return(FORMAT_PEM);
181         else if ((*s == 'N') || (*s == 'n'))
182                 return(FORMAT_NETSCAPE);
183         else if ((*s == 'S') || (*s == 's'))
184                 return(FORMAT_SMIME);
185         else if ((*s == '1')
186                 || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
187                 || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
188                 return(FORMAT_PKCS12);
189         else if ((*s == 'E') || (*s == 'e'))
190                 return(FORMAT_ENGINE);
191         else
192                 return(FORMAT_UNDEF);
193         }
194
195 #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
196 void program_name(char *in, char *out, int size)
197         {
198         int i,n;
199         char *p=NULL;
200
201         n=strlen(in);
202         /* find the last '/', '\' or ':' */
203         for (i=n-1; i>0; i--)
204                 {
205                 if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
206                         {
207                         p= &(in[i+1]);
208                         break;
209                         }
210                 }
211         if (p == NULL)
212                 p=in;
213         n=strlen(p);
214         /* strip off trailing .exe if present. */
215         if ((n > 4) && (p[n-4] == '.') &&
216                 ((p[n-3] == 'e') || (p[n-3] == 'E')) &&
217                 ((p[n-2] == 'x') || (p[n-2] == 'X')) &&
218                 ((p[n-1] == 'e') || (p[n-1] == 'E')))
219                 n-=4;
220         if (n > size-1)
221                 n=size-1;
222
223         for (i=0; i<n; i++)
224                 {
225                 if ((p[i] >= 'A') && (p[i] <= 'Z'))
226                         out[i]=p[i]-'A'+'a';
227                 else
228                         out[i]=p[i];
229                 }
230         out[n]='\0';
231         }
232 #else
233 #ifdef OPENSSL_SYS_VMS
234 void program_name(char *in, char *out, int size)
235         {
236         char *p=in, *q;
237         char *chars=":]>";
238
239         while(*chars != '\0')
240                 {
241                 q=strrchr(p,*chars);
242                 if (q > p)
243                         p = q + 1;
244                 chars++;
245                 }
246
247         q=strrchr(p,'.');
248         if (q == NULL)
249                 q = in+size;
250         strncpy(out,p,q-p);
251         out[q-p]='\0';
252         }
253 #else
254 void program_name(char *in, char *out, int size)
255         {
256         char *p;
257
258         p=strrchr(in,'/');
259         if (p != NULL)
260                 p++;
261         else
262                 p=in;
263         strncpy(out,p,size-1);
264         out[size-1]='\0';
265         }
266 #endif
267 #endif
268
269 #ifdef OPENSSL_SYS_WIN32
270 int WIN32_rename(char *from, char *to)
271         {
272 #ifdef OPENSSL_SYS_WINNT
273         int ret;
274 /* Note: MoveFileEx() doesn't work under Win95, Win98 */
275
276         ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
277         return(ret?0:-1);
278 #else
279         unlink(to);
280         return MoveFile(from, to);
281 #endif
282         }
283 #endif
284
285 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
286         {
287         int num,len,i;
288         char *p;
289
290         *argc=0;
291         *argv=NULL;
292
293         len=strlen(buf);
294         i=0;
295         if (arg->count == 0)
296                 {
297                 arg->count=20;
298                 arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
299                 }
300         for (i=0; i<arg->count; i++)
301                 arg->data[i]=NULL;
302
303         num=0;
304         p=buf;
305         for (;;)
306                 {
307                 /* first scan over white space */
308                 if (!*p) break;
309                 while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
310                         p++;
311                 if (!*p) break;
312
313                 /* The start of something good :-) */
314                 if (num >= arg->count)
315                         {
316                         arg->count+=20;
317                         arg->data=(char **)OPENSSL_realloc(arg->data,
318                                 sizeof(char *)*arg->count);
319                         if (argc == 0) return(0);
320                         }
321                 arg->data[num++]=p;
322
323                 /* now look for the end of this */
324                 if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
325                         {
326                         i= *(p++);
327                         arg->data[num-1]++; /* jump over quote */
328                         while (*p && (*p != i))
329                                 p++;
330                         *p='\0';
331                         }
332                 else
333                         {
334                         while (*p && ((*p != ' ') &&
335                                 (*p != '\t') && (*p != '\n')))
336                                 p++;
337
338                         if (*p == '\0')
339                                 p--;
340                         else
341                                 *p='\0';
342                         }
343                 p++;
344                 }
345         *argc=num;
346         *argv=arg->data;
347         return(1);
348         }
349
350 #ifndef APP_INIT
351 int app_init(long mesgwin)
352         {
353         return(1);
354         }
355 #endif
356
357
358 int dump_cert_text (BIO *out, X509 *x)
359 {
360         char buf[256];
361         X509_NAME_oneline(X509_get_subject_name(x),buf,256);
362         BIO_puts(out,"subject=");
363         BIO_puts(out,buf);
364
365         X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
366         BIO_puts(out,"\nissuer= ");
367         BIO_puts(out,buf);
368         BIO_puts(out,"\n");
369         return 0;
370 }
371
372 static char *app_get_pass(BIO *err, char *arg, int keepbio);
373
374 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
375 {
376         int same;
377         if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
378         else same = 1;
379         if(arg1) {
380                 *pass1 = app_get_pass(err, arg1, same);
381                 if(!*pass1) return 0;
382         } else if(pass1) *pass1 = NULL;
383         if(arg2) {
384                 *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
385                 if(!*pass2) return 0;
386         } else if(pass2) *pass2 = NULL;
387         return 1;
388 }
389
390 static char *app_get_pass(BIO *err, char *arg, int keepbio)
391 {
392         char *tmp, tpass[APP_PASS_LEN];
393         static BIO *pwdbio = NULL;
394         int i;
395         if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
396         if(!strncmp(arg, "env:", 4)) {
397                 tmp = getenv(arg + 4);
398                 if(!tmp) {
399                         BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
400                         return NULL;
401                 }
402                 return BUF_strdup(tmp);
403         }
404         if(!keepbio || !pwdbio) {
405                 if(!strncmp(arg, "file:", 5)) {
406                         pwdbio = BIO_new_file(arg + 5, "r");
407                         if(!pwdbio) {
408                                 BIO_printf(err, "Can't open file %s\n", arg + 5);
409                                 return NULL;
410                         }
411                 } else if(!strncmp(arg, "fd:", 3)) {
412                         BIO *btmp;
413                         i = atoi(arg + 3);
414                         if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
415                         if((i < 0) || !pwdbio) {
416                                 BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
417                                 return NULL;
418                         }
419                         /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
420                         btmp = BIO_new(BIO_f_buffer());
421                         pwdbio = BIO_push(btmp, pwdbio);
422                 } else if(!strcmp(arg, "stdin")) {
423                         pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
424                         if(!pwdbio) {
425                                 BIO_printf(err, "Can't open BIO for stdin\n");
426                                 return NULL;
427                         }
428                 } else {
429                         BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
430                         return NULL;
431                 }
432         }
433         i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
434         if(keepbio != 1) {
435                 BIO_free_all(pwdbio);
436                 pwdbio = NULL;
437         }
438         if(i <= 0) {
439                 BIO_printf(err, "Error reading password from BIO\n");
440                 return NULL;
441         }
442         tmp = strchr(tpass, '\n');
443         if(tmp) *tmp = 0;
444         return BUF_strdup(tpass);
445 }
446
447 int add_oid_section(BIO *err, LHASH *conf)
448 {       
449         char *p;
450         STACK_OF(CONF_VALUE) *sktmp;
451         CONF_VALUE *cnf;
452         int i;
453         if(!(p=CONF_get_string(conf,NULL,"oid_section")))
454                 {
455                 ERR_clear_error();
456                 return 1;
457                 }
458         if(!(sktmp = CONF_get_section(conf, p))) {
459                 BIO_printf(err, "problem loading oid section %s\n", p);
460                 return 0;
461         }
462         for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
463                 cnf = sk_CONF_VALUE_value(sktmp, i);
464                 if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
465                         BIO_printf(err, "problem creating object %s=%s\n",
466                                                          cnf->name, cnf->value);
467                         return 0;
468                 }
469         }
470         return 1;
471 }
472
473 X509 *load_cert(BIO *err, char *file, int format)
474         {
475         ASN1_HEADER *ah=NULL;
476         BUF_MEM *buf=NULL;
477         X509 *x=NULL;
478         BIO *cert;
479
480         if ((cert=BIO_new(BIO_s_file())) == NULL)
481                 {
482                 ERR_print_errors(err);
483                 goto end;
484                 }
485
486         if (file == NULL)
487                 {
488                 setvbuf(stdin, NULL, _IONBF, 0);
489                 BIO_set_fp(cert,stdin,BIO_NOCLOSE);
490                 }
491         else
492                 {
493                 if (BIO_read_filename(cert,file) <= 0)
494                         {
495                         perror(file);
496                         goto end;
497                         }
498                 }
499
500         if      (format == FORMAT_ASN1)
501                 x=d2i_X509_bio(cert,NULL);
502         else if (format == FORMAT_NETSCAPE)
503                 {
504                 unsigned char *p,*op;
505                 int size=0,i;
506
507                 /* We sort of have to do it this way because it is sort of nice
508                  * to read the header first and check it, then
509                  * try to read the certificate */
510                 buf=BUF_MEM_new();
511                 for (;;)
512                         {
513                         if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
514                                 goto end;
515                         i=BIO_read(cert,&(buf->data[size]),1024*10);
516                         size+=i;
517                         if (i == 0) break;
518                         if (i < 0)
519                                 {
520                                 perror("reading certificate");
521                                 goto end;
522                                 }
523                         }
524                 p=(unsigned char *)buf->data;
525                 op=p;
526
527                 /* First load the header */
528                 if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
529                         goto end;
530                 if ((ah->header == NULL) || (ah->header->data == NULL) ||
531                         (strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
532                         ah->header->length) != 0))
533                         {
534                         BIO_printf(err,"Error reading header on certificate\n");
535                         goto end;
536                         }
537                 /* header is ok, so now read the object */
538                 p=op;
539                 ah->meth=X509_asn1_meth();
540                 if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
541                         goto end;
542                 x=(X509 *)ah->data;
543                 ah->data=NULL;
544                 }
545         else if (format == FORMAT_PEM)
546                 x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
547         else if (format == FORMAT_PKCS12)
548                 {
549                 PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
550
551                 PKCS12_parse(p12, NULL, NULL, &x, NULL);
552                 PKCS12_free(p12);
553                 p12 = NULL;
554                 }
555         else    {
556                 BIO_printf(err,"bad input format specified for input cert\n");
557                 goto end;
558                 }
559 end:
560         if (x == NULL)
561                 {
562                 BIO_printf(err,"unable to load certificate\n");
563                 ERR_print_errors(err);
564                 }
565         if (ah != NULL) ASN1_HEADER_free(ah);
566         if (cert != NULL) BIO_free(cert);
567         if (buf != NULL) BUF_MEM_free(buf);
568         return(x);
569         }
570
571 EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
572         {
573         BIO *key=NULL;
574         EVP_PKEY *pkey=NULL;
575
576         if (file == NULL)
577                 {
578                 BIO_printf(err,"no keyfile specified\n");
579                 goto end;
580                 }
581         if (format == FORMAT_ENGINE)
582                 {
583                 if (!e)
584                         BIO_printf(bio_err,"no engine specified\n");
585                 else
586                         pkey = ENGINE_load_private_key(e, file, pass);
587                 goto end;
588                 }
589         key=BIO_new(BIO_s_file());
590         if (key == NULL)
591                 {
592                 ERR_print_errors(err);
593                 goto end;
594                 }
595         if (BIO_read_filename(key,file) <= 0)
596                 {
597                 perror(file);
598                 goto end;
599                 }
600         if (format == FORMAT_ASN1)
601                 {
602                 pkey=d2i_PrivateKey_bio(key, NULL);
603                 }
604         else if (format == FORMAT_PEM)
605                 {
606                 pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
607                 }
608         else if (format == FORMAT_PKCS12)
609                 {
610                 PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
611
612                 PKCS12_parse(p12, pass, &pkey, NULL, NULL);
613                 PKCS12_free(p12);
614                 p12 = NULL;
615                 }
616         else
617                 {
618                 BIO_printf(err,"bad input format specified for key\n");
619                 goto end;
620                 }
621  end:
622         if (key != NULL) BIO_free(key);
623         if (pkey == NULL)
624                 BIO_printf(err,"unable to load Private Key\n");
625         return(pkey);
626         }
627
628 EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
629         {
630         BIO *key=NULL;
631         EVP_PKEY *pkey=NULL;
632
633         if (file == NULL)
634                 {
635                 BIO_printf(err,"no keyfile specified\n");
636                 goto end;
637                 }
638         if (format == FORMAT_ENGINE)
639                 {
640                 if (!e)
641                         BIO_printf(bio_err,"no engine specified\n");
642                 else
643                         pkey = ENGINE_load_public_key(e, file, NULL);
644                 goto end;
645                 }
646         key=BIO_new(BIO_s_file());
647         if (key == NULL)
648                 {
649                 ERR_print_errors(err);
650                 goto end;
651                 }
652         if (BIO_read_filename(key,file) <= 0)
653                 {
654                 perror(file);
655                 goto end;
656                 }
657         if (format == FORMAT_ASN1)
658                 {
659                 pkey=d2i_PUBKEY_bio(key, NULL);
660                 }
661         else if (format == FORMAT_PEM)
662                 {
663                 pkey=PEM_read_bio_PUBKEY(key,NULL,NULL,NULL);
664                 }
665         else
666                 {
667                 BIO_printf(err,"bad input format specified for key\n");
668                 goto end;
669                 }
670  end:
671         if (key != NULL) BIO_free(key);
672         if (pkey == NULL)
673                 BIO_printf(err,"unable to load Public Key\n");
674         return(pkey);
675         }
676
677 STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
678         {
679         BIO *certs;
680         int i;
681         STACK_OF(X509) *othercerts = NULL;
682         STACK_OF(X509_INFO) *allcerts = NULL;
683         X509_INFO *xi;
684
685         if((certs = BIO_new(BIO_s_file())) == NULL)
686                 {
687                 ERR_print_errors(err);
688                 goto end;
689                 }
690
691         if (file == NULL)
692                 BIO_set_fp(certs,stdin,BIO_NOCLOSE);
693         else
694                 {
695                 if (BIO_read_filename(certs,file) <= 0)
696                         {
697                         perror(file);
698                         goto end;
699                         }
700                 }
701
702         if      (format == FORMAT_PEM)
703                 {
704                 othercerts = sk_X509_new_null();
705                 if(!othercerts)
706                         {
707                         sk_X509_free(othercerts);
708                         othercerts = NULL;
709                         goto end;
710                         }
711                 allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
712                 for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
713                         {
714                         xi = sk_X509_INFO_value (allcerts, i);
715                         if (xi->x509)
716                                 {
717                                 sk_X509_push(othercerts, xi->x509);
718                                 xi->x509 = NULL;
719                                 }
720                         }
721                 goto end;
722                 }
723         else    {
724                 BIO_printf(err,"bad input format specified for input cert\n");
725                 goto end;
726                 }
727 end:
728         if (othercerts == NULL)
729                 {
730                 BIO_printf(err,"unable to load certificates\n");
731                 ERR_print_errors(err);
732                 }
733         if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
734         if (certs != NULL) BIO_free(certs);
735         return(othercerts);
736         }
737
738
739 #define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
740 /* Return error for unknown extensions */
741 #define X509V3_EXT_DEFAULT              0
742 /* Print error for unknown extensions */
743 #define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
744 /* ASN1 parse unknown extensions */
745 #define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
746 /* BIO_dump unknown extensions */
747 #define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
748
749 #define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
750                          X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
751
752 int set_cert_ex(unsigned long *flags, const char *arg)
753 {
754         static const NAME_EX_TBL cert_tbl[] = {
755                 { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
756                 { "ca_default", X509_FLAG_CA, 0xffffffffl},
757                 { "no_header", X509_FLAG_NO_HEADER, 0},
758                 { "no_version", X509_FLAG_NO_VERSION, 0},
759                 { "no_serial", X509_FLAG_NO_SERIAL, 0},
760                 { "no_signame", X509_FLAG_NO_SIGNAME, 0},
761                 { "no_validity", X509_FLAG_NO_VALIDITY, 0},
762                 { "no_subject", X509_FLAG_NO_SUBJECT, 0},
763                 { "no_issuer", X509_FLAG_NO_ISSUER, 0},
764                 { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
765                 { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
766                 { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
767                 { "no_aux", X509_FLAG_NO_AUX, 0},
768                 { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
769                 { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
770                 { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
771                 { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
772                 { NULL, 0, 0}
773         };
774         return set_multi_opts(flags, arg, cert_tbl);
775 }
776
777 int set_name_ex(unsigned long *flags, const char *arg)
778 {
779         static const NAME_EX_TBL ex_tbl[] = {
780                 { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
781                 { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
782                 { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
783                 { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
784                 { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
785                 { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
786                 { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
787                 { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
788                 { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
789                 { "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
790                 { "compat", XN_FLAG_COMPAT, 0xffffffffL},
791                 { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
792                 { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
793                 { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
794                 { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
795                 { "dn_rev", XN_FLAG_DN_REV, 0},
796                 { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
797                 { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
798                 { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
799                 { "align", XN_FLAG_FN_ALIGN, 0},
800                 { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
801                 { "space_eq", XN_FLAG_SPC_EQ, 0},
802                 { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
803                 { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
804                 { "oneline", XN_FLAG_ONELINE, 0xffffffffL},
805                 { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
806                 { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
807                 { NULL, 0, 0}
808         };
809         return set_multi_opts(flags, arg, ex_tbl);
810 }
811
812 int set_ext_copy(int *copy_type, const char *arg)
813 {
814         if (!strcasecmp(arg, "none"))
815                 *copy_type = EXT_COPY_NONE;
816         else if (!strcasecmp(arg, "copy"))
817                 *copy_type = EXT_COPY_ADD;
818         else if (!strcasecmp(arg, "copyall"))
819                 *copy_type = EXT_COPY_ALL;
820         else
821                 return 0;
822         return 1;
823 }
824
825 int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
826 {
827         STACK_OF(X509_EXTENSION) *exts = NULL;
828         X509_EXTENSION *ext, *tmpext;
829         ASN1_OBJECT *obj;
830         int i, idx, ret = 0;
831         if (!x || !req || (copy_type == EXT_COPY_NONE))
832                 return 1;
833         exts = X509_REQ_get_extensions(req);
834
835         for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
836                 ext = sk_X509_EXTENSION_value(exts, i);
837                 obj = X509_EXTENSION_get_object(ext);
838                 idx = X509_get_ext_by_OBJ(x, obj, -1);
839                 /* Does extension exist? */
840                 if (idx != -1) {
841                         /* If normal copy don't override existing extension */
842                         if (copy_type == EXT_COPY_ADD)
843                                 continue;
844                         /* Delete all extensions of same type */
845                         do {
846                                 tmpext = X509_get_ext(x, idx);
847                                 X509_delete_ext(x, idx);
848                                 X509_EXTENSION_free(tmpext);
849                                 idx = X509_get_ext_by_OBJ(x, obj, -1);
850                         } while (idx != -1);
851                 }
852                 if (!X509_add_ext(x, ext, -1))
853                         goto end;
854         }
855
856         ret = 1;
857
858         end:
859
860         sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
861
862         return ret;
863 }
864                 
865                 
866                         
867
868 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
869 {
870         STACK_OF(CONF_VALUE) *vals;
871         CONF_VALUE *val;
872         int i, ret = 1;
873         if(!arg) return 0;
874         vals = X509V3_parse_list(arg);
875         for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
876                 val = sk_CONF_VALUE_value(vals, i);
877                 if (!set_table_opts(flags, val->name, in_tbl))
878                         ret = 0;
879         }
880         sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
881         return ret;
882 }
883
884 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
885 {
886         char c;
887         const NAME_EX_TBL *ptbl;
888         c = arg[0];
889
890         if(c == '-') {
891                 c = 0;
892                 arg++;
893         } else if (c == '+') {
894                 c = 1;
895                 arg++;
896         } else c = 1;
897
898         for(ptbl = in_tbl; ptbl->name; ptbl++) {
899                 if(!strcasecmp(arg, ptbl->name)) {
900                         *flags &= ~ptbl->mask;
901                         if(c) *flags |= ptbl->flag;
902                         else *flags &= ~ptbl->flag;
903                         return 1;
904                 }
905         }
906         return 0;
907 }
908
909 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
910 {
911         char buf[256];
912         char mline = 0;
913         int indent = 0;
914         if(title) BIO_puts(out, title);
915         if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
916                 mline = 1;
917                 indent = 4;
918         }
919         if(lflags == XN_FLAG_COMPAT) {
920                 X509_NAME_oneline(nm,buf,256);
921                 BIO_puts(out,buf);
922                 BIO_puts(out, "\n");
923         } else {
924                 if(mline) BIO_puts(out, "\n");
925                 X509_NAME_print_ex(out, nm, indent, lflags);
926                 BIO_puts(out, "\n");
927         }
928 }
929
930 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
931 {
932         X509_STORE *store;
933         X509_LOOKUP *lookup;
934         if(!(store = X509_STORE_new())) goto end;
935         lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
936         if (lookup == NULL) goto end;
937         if (CAfile) {
938                 if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
939                         BIO_printf(bp, "Error loading file %s\n", CAfile);
940                         goto end;
941                 }
942         } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
943                 
944         lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
945         if (lookup == NULL) goto end;
946         if (CApath) {
947                 if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
948                         BIO_printf(bp, "Error loading directory %s\n", CApath);
949                         goto end;
950                 }
951         } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
952
953         ERR_clear_error();
954         return store;
955         end:
956         X509_STORE_free(store);
957         return NULL;
958 }