From d0c98589146d79f1059638057dad9bb80d662339 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 4 Oct 2000 01:16:32 +0000 Subject: [PATCH] Global DirectoryString mask fix. Add support for X509_NAME_print_ex() in req. Initial code for cutomizable X509 print routines. --- CHANGES | 5 + apps/req.c | 20 +++- crypto/asn1/a_strex.c | 12 +++ crypto/asn1/a_strnid.c | 2 +- crypto/asn1/t_x509.c | 205 +++++++++++++++++++++++++---------------- crypto/x509/x509.h | 17 ++++ 6 files changed, 180 insertions(+), 81 deletions(-) diff --git a/CHANGES b/CHANGES index 8643bda1c4..aeea390f77 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Fix for bug in DirectoryString mask setting. Add support for + X509_NAME_print_ex() in 'req' and initial X509_print_ex() function + to allow certificate printing to more controllable. + [Steve Henson] + *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] diff --git a/apps/req.c b/apps/req.c index 1aab38d9d7..4d707e83ed 100644 --- a/apps/req.c +++ b/apps/req.c @@ -143,6 +143,7 @@ int MAIN(int argc, char **argv) #ifndef NO_DSA DSA *dsa_params=NULL; #endif + unsigned long nmflag = 0; int ex=1,x509=0,days=30; X509 *x509ss=NULL; X509_REQ *req=NULL; @@ -150,7 +151,7 @@ int MAIN(int argc, char **argv) int i,badops=0,newreq=0,newkey= -1,pkey_type=0; BIO *in=NULL,*out=NULL; int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; - int nodes=0,kludge=0,newhdr=0; + int nodes=0,kludge=0,newhdr=0,subject=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; char *extensions = NULL; char *req_exts = NULL; 
@@ -322,6 +323,13 @@ int MAIN(int argc, char **argv) nodes=1; else if (strcmp(*argv,"-noout") == 0) noout=1; + else if (strcmp(*argv,"-nameopt") == 0) + { + if (--argc < 1) goto bad; + if (!set_name_ex(&nmflag, *(++argv))) goto bad; + } + else if (strcmp(*argv,"-subject") == 0) + subject=1; else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-x509") == 0) @@ -803,7 +811,7 @@ loop: BIO_printf(bio_err,"verify OK\n"); } - if (noout && !text && !modulus) + if (noout && !text && !modulus && !subject) { ex=0; goto end; @@ -840,6 +848,14 @@ loop: X509_REQ_print(out,req); } + if(subject) + { + if(x509) + print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag); + else + print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag); + } + if (modulus) { EVP_PKEY *pubkey; diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 569b811998..5335538ae0 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -491,12 +491,24 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) { + if(flags == XN_FLAG_COMPAT) + return X509_NAME_print(out, nm, indent); return do_name_ex(send_bio_chars, out, nm, indent, flags); } int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) { + if(flags == XN_FLAG_COMPAT) + { + BIO *btmp; + int ret; + btmp = BIO_new_fp(fp, BIO_NOCLOSE); + if(!btmp) return -1; + ret = X509_NAME_print(btmp, nm, indent); + BIO_free(btmp); + return ret; + } return do_name_ex(send_fp_chars, fp, nm, indent, flags); } diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 6b10cff994..732e68fe46 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c 
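Review bot: The `-nameopt` and `-subject` options parsed in this hunk are not documented anywhere in the patch. The diffstat's 20 changed lines in apps/req.c are all accounted for by the hunks shown, so the usage text printed for a bad option was presumably left unchanged. I would add one line per option where the other options are listed, for example `BIO_printf(bio_err," -subject output the request's subject\n");` and `BIO_printf(bio_err," -nameopt arg - various certificate name options\n");`. MAIN() starts and ends outside the hunk, so the exact position of the usage block cannot be seen from here.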
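Review bot: The XN_FLAG_COMPAT branches give X509_NAME_print_ex() and X509_NAME_print_ex_fp() two failure conventions. The fp variant returns -1 when BIO_new_fp() fails but passes the X509_NAME_print() result through unchanged, and existing callers test that result with `!X509_NAME_print(...)`, which suggests it reports failure as 0. A caller therefore has to test `<= 0` to be safe, yet the new call in crypto/asn1/t_x509.c uses `if (!X509_NAME_print_ex(...)) goto err;`, which would let a negative return through and keep printing a certificate whose name was not written. I would document the convention above both functions, e.g. `/* Returns <= 0 on error; with XN_FLAG_COMPAT the result is that of X509_NAME_print() */`, and change the t_x509.c checks to `<= 0`. What do_name_ex() returns on failure is not visible in this hunk.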
@@ -133,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, if(tbl) { mask = tbl->mask; if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; - ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask, + ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, tbl->minsize, tbl->maxsize); } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); if(ret <= 0) return NULL; diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 314bdfb1c7..189e5bdce8 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -72,6 +72,11 @@ #ifndef NO_FP_API int X509_print_fp(FILE *fp, X509 *x) + { + return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); + } + +int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag) { BIO *b; int ret; @@ -82,17 +87,22 @@ int X509_print_fp(FILE *fp, X509 *x) return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=X509_print(b, x); + ret=X509_print_ex(b, x, nmflag, cflag); BIO_free(b); return(ret); } #endif int X509_print(BIO *bp, X509 *x) +{ + return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +} + +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) { long l; int ret=0,i,j,n; - char *m=NULL,*s; + char *m=NULL,*s, mlch = ' '; X509_CINF *ci; ASN1_INTEGER *bs; EVP_PKEY *pkey=NULL; 
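Review bot: Now that the computed `mask` is passed to ASN1_mbstring_ncopy(), a restrictive `global_mask` can leave `mask` empty when it shares no string type with `tbl->mask`, and the hunk does not show what ASN1_mbstring_ncopy() does with an empty mask. If it falls back to a default string type rather than failing, the result could be a type the table entry does not permit, so the intended behaviour is worth confirming. I would state it in a comment next to the masking line, e.g. `/* global_mask narrows tbl->mask unless STABLE_NO_MASK is set */`, plus a sentence on the empty-mask case once it is confirmed. ASN1_STRING_set_by_NID() starts and ends outside the hunk.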
@@ -100,89 +110,122 @@ int X509_print(BIO *bp, X509 *x) X509_EXTENSION *ex; ASN1_STRING *str=NULL; + if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) + mlch = '\n'; + ci=x->cert_info; - if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; - if (BIO_write(bp," Data:\n",10) <= 0) goto err; - l=X509_get_version(x); - if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; - if (BIO_write(bp," Serial Number:",22) <= 0) goto err; - - bs=X509_get_serialNumber(x); - if (bs->length <= 4) + if(!(cflag & X509_FLAG_NO_HEADER)) { - l=ASN1_INTEGER_get(bs); - if (l < 0) - { - l= -l; - neg="-"; - } - else - neg=""; - if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) - goto err; + if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; + if (BIO_write(bp," Data:\n",10) <= 0) goto err; } - else + if(!(cflag & X509_FLAG_NO_VERSION)) + { + l=X509_get_version(x); + if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; + } + if(!(cflag & X509_FLAG_NO_SERIAL)) { - neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; - if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; - for (i=0; ilength; i++) + if (BIO_write(bp," Serial Number:",22) <= 0) goto err; + + bs=X509_get_serialNumber(x); + if (bs->length <= 4) { - if (BIO_printf(bp,"%02x%c",bs->data[i], - ((i+1 == bs->length)?'\n':':')) <= 0) + l=ASN1_INTEGER_get(bs); + if (l < 0) + { + l= -l; + neg="-"; + } + else + neg=""; + if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) goto err; } + else + { + neg=(bs->type == V_ASN1_NEG_INTEGER)?" 
(Negative)":""; + if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; + + for (i=0; ilength; i++) + { + if (BIO_printf(bp,"%02x%c",bs->data[i], + ((i+1 == bs->length)?'\n':':')) <= 0) + goto err; + } + } + } - i=OBJ_obj2nid(ci->signature->algorithm); - if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) - goto err; - - if (BIO_write(bp," Issuer: ",16) <= 0) goto err; - if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err; - if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err; - if (BIO_write(bp," Not Before: ",24) <= 0) goto err; - if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; - if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; - if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; - if (BIO_write(bp,"\n Subject: ",18) <= 0) goto err; - if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err; - if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0) - goto err; - i=OBJ_obj2nid(ci->key->algor->algorithm); - if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; - - pkey=X509_get_pubkey(x); - if (pkey == NULL) + if(!(cflag & X509_FLAG_NO_SIGNAME)) { - BIO_printf(bp,"%12sUnable to load Public Key\n",""); - ERR_print_errors(bp); + i=OBJ_obj2nid(ci->signature->algorithm); + if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) + goto err; } - else -#ifndef NO_RSA - if (pkey->type == EVP_PKEY_RSA) + + if(!(cflag & X509_FLAG_NO_ISSUER)) { - BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", - BN_num_bits(pkey->pkey.rsa->n)); - RSA_print(bp,pkey->pkey.rsa,16); + if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err; + if (!X509_NAME_print_ex(bp,X509_get_issuer_name(x),16, nmflags)) goto err; } - else -#endif -#ifndef NO_DSA - if (pkey->type == EVP_PKEY_DSA) + if(!(cflag & X509_FLAG_NO_VALIDITY)) { - BIO_printf(bp,"%12sDSA Public Key:\n",""); - DSA_print(bp,pkey->pkey.dsa,16); + 
if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err; + if (BIO_write(bp," Not Before: ",24) <= 0) goto err; + if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; + if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; + if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; + if (BIO_write(bp,"\n",1) <= 0) goto err; } - else + if(!(cflag & X509_FLAG_NO_SUBJECT)) + { + if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; + if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err; + } + if(!(cflag & X509_FLAG_NO_PUBKEY)) + { + if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0) + goto err; + i=OBJ_obj2nid(ci->key->algor->algorithm); + if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; + + pkey=X509_get_pubkey(x); + if (pkey == NULL) + { + BIO_printf(bp,"%12sUnable to load Public Key\n",""); + ERR_print_errors(bp); + } + else +#ifndef NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { + BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", + BN_num_bits(pkey->pkey.rsa->n)); + RSA_print(bp,pkey->pkey.rsa,16); + } + else +#endif +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + { + BIO_printf(bp,"%12sDSA Public Key:\n",""); + DSA_print(bp,pkey->pkey.dsa,16); + } + else #endif - BIO_printf(bp,"%12sUnknown Public Key:\n",""); + BIO_printf(bp,"%12sUnknown Public Key:\n",""); - EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey); + } - n=X509_get_ext_count(x); + if (cflag & X509_FLAG_NO_EXTENSIONS) + n = 0; + else + n=X509_get_ext_count(x); if (n > 0) { BIO_printf(bp,"%8sX509v3 extensions:\n",""); 
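Review bot: The Subject branch still calls `X509_NAME_print(bp,X509_get_subject_name(x),16)`, so `nmflags` is applied to the issuer only, even though the `Subject:` label above it is already written with `mlch`. With a multiline separator the output would be the label, a newline, and then a name in the old single-line format. The call should mirror the issuer branch: `if (!X509_NAME_print_ex(bp,X509_get_subject_name(x),16, nmflags)) goto err;`. Separately, the validity and public-key blocks begin with `\n` to end the preceding name line, so suppressing the issuer or subject with X509_FLAG_NO_ISSUER or X509_FLAG_NO_SUBJECT leaves a stray blank line. X509_print_ex() starts before this hunk and continues past it.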
@@ -205,21 +248,27 @@ int X509_print(BIO *bp, X509 *x) } } - i=OBJ_obj2nid(x->sig_alg->algorithm); - if (BIO_printf(bp,"%4sSignature Algorithm: %s","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; + if(!(cflag & X509_FLAG_NO_SIGDUMP)) + { + i=OBJ_obj2nid(x->sig_alg->algorithm); + if (BIO_printf(bp,"%4sSignature Algorithm: %s","", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; - n=x->signature->length; - s=(char *)x->signature->data; - for (i=0; isignature->length; + s=(char *)x->signature->data; + for (i=0; iaux, 0)) goto err; } - if (BIO_write(bp,"\n",1) != 1) goto err; - if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err; ret=1; err: if (str != NULL) ASN1_STRING_free(str); diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 813c8adffd..6b053359b7 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -320,6 +320,21 @@ DECLARE_STACK_OF(X509_TRUST) #define X509_TRUST_REJECTED 2 #define X509_TRUST_UNTRUSTED 3 +/* Flags for X509_print_ex() */ + +#define X509_FLAG_COMPAT 0 +#define X509_FLAG_NO_HEADER 1L +#define X509_FLAG_NO_VERSION (1L << 1) +#define X509_FLAG_NO_SERIAL (1L << 2) +#define X509_FLAG_NO_SIGNAME (1L << 3) +#define X509_FLAG_NO_ISSUER (1L << 4) +#define X509_FLAG_NO_VALIDITY (1L << 5) +#define X509_FLAG_NO_SUBJECT (1L << 6) +#define X509_FLAG_NO_PUBKEY (1L << 7) +#define X509_FLAG_NO_EXTENSIONS (1L << 8) +#define X509_FLAG_NO_SIGDUMP (1L << 9) +#define X509_FLAG_NO_AUX (1L << 10) + /* Flags specific to X509_NAME_print_ex() */ /* The field separator information */ @@ -1034,6 +1049,7 @@ unsigned long X509_NAME_hash(X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); #ifndef NO_FP_API +int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print_fp(FILE *bp,X509 *x); int X509_CRL_print_fp(FILE *bp,X509_CRL *x); int X509_REQ_print_fp(FILE *bp,X509_REQ *req); 
@@ -1043,6 +1059,7 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long fla
 #ifndef NO_BIO
 int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
+int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int X509_print(BIO *bp,X509 *x);
 int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 int X509_CRL_print(BIO *bp,X509_CRL *x);
-- GitLab