Commit b64f8256 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Add PKCS#12 documentation and new option in x509 to add certificate extensions.

parent 73d2257d
+4 −0
@@ -5,6 +5,10 @@

 Changes between 0.9.2b and 0.9.3

  *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
     extension adding in x509 utility.
     [Steve Henson]

  *) Remove NOPROTO sections and error code comments.
     [Ulf Möller]

+1 −2

  OpenSSL STATUS                           Last modified at
  ______________                           $Date: 1999/04/26 20:56:18 $
  ______________                           $Date: 1999/04/27 00:36:14 $

  DEVELOPMENT STATE

@@ -43,7 +43,6 @@
        PKCS#12 code cleanup and enhancement.
	PKCS #8 and PKCS#5 v2.0 support.
	Private key, certificate and CRL API and implementation.
	Redo error code and DEF file generation scripts.

    o Mark is currently working on:
        Folding in any changes that are in the C2Net code base that were
+71 −16
@@ -114,16 +114,18 @@ static char *x509_usage[]={
" -text           - print the certificate in text form\n",
" -C              - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
" -config         - configuration file with X509V3 extensions to add\n",
NULL
};

static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
static EVP_PKEY *load_key(char *file, int format);
static X509 *load_cert(char *file, int format);
static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest);
static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest,
						LHASH *conf, char *section);
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
			 X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
			 int create,int days);
			 int create,int days, LHASH *conf, char *section);
static int reqfile=0;

int MAIN(int argc, char **argv)
@@ -148,6 +150,8 @@ int MAIN(int argc, char **argv)
	int fingerprint=0;
	char buf[256];
	const EVP_MD *md_alg,*digest=EVP_md5();
	LHASH *extconf = NULL;
	char *extsect = NULL, *extfile = NULL;

	reqfile=0;

@@ -209,6 +213,11 @@ int MAIN(int argc, char **argv)
				goto bad;
				}
			}
		else if (strcmp(*argv,"-config") == 0)
			{
			if (--argc < 1) goto bad;
			extfile= *(++argv);
			}
		else if (strcmp(*argv,"-in") == 0)
			{
			if (--argc < 1) goto bad;
@@ -312,6 +321,34 @@ bad:
		goto end;
		}

	if (extfile) {
		long errorline;
		X509V3_CTX ctx;
		if (!(extconf=CONF_load(NULL,extfile,&errorline))) {
			if (errorline <= 0)
				BIO_printf(bio_err,
					"error loading the config file '%s'\n",
								extfile);
                	else
                        	BIO_printf(bio_err,
				       "error on line %ld of config file '%s'\n"
							,errorline,extfile);
			goto end;
		}
		if(!(extsect = CONF_get_string(extconf, "default",
					 "extensions"))) extsect = "default";
		X509V3_set_ctx_test(&ctx);
		X509V3_set_conf_lhash(&ctx, extconf);
		if(!X509V3_EXT_add_conf(extconf, &ctx, extsect, NULL)) {
			BIO_printf(bio_err,
				"Error Loading extension section %s\n",
								 extsect);
			ERR_print_errors(bio_err);
			goto end;
                }
	} 


	if (reqfile)
		{
		EVP_PKEY *pkey;
@@ -589,7 +626,8 @@ bad:
		                        digest=EVP_dss1();
#endif

				if (!sign(x,Upkey,days,digest)) goto end;
				if (!sign(x,Upkey,days,digest,
						 extconf, extsect)) goto end;
				}
			else if (CA_flag == i)
				{
@@ -605,8 +643,8 @@ bad:
#endif
				
				if (!x509_certify(ctx,CAfile,digest,x,xca,
					CApkey,
					CAserial,CA_createserial,days))
					CApkey, CAserial,CA_createserial,days,
					extconf, extsect))
					goto end;
				}
			else if (x509req == i)
@@ -680,22 +718,23 @@ bad:
	ret=0;
end:
	OBJ_cleanup();
	if (out != NULL) BIO_free(out);
	if (STDout != NULL) BIO_free(STDout);
	if (ctx != NULL) X509_STORE_free(ctx);
	if (req != NULL) X509_REQ_free(req);
	if (x != NULL) X509_free(x);
	if (xca != NULL) X509_free(xca);
	if (Upkey != NULL) EVP_PKEY_free(Upkey);
	if (CApkey != NULL) EVP_PKEY_free(CApkey);
	if (rq != NULL) X509_REQ_free(rq);
	CONF_free(extconf);
	BIO_free(out);
	BIO_free(STDout);
	X509_STORE_free(ctx);
	X509_REQ_free(req);
	X509_free(x);
	X509_free(xca);
	EVP_PKEY_free(Upkey);
	EVP_PKEY_free(CApkey);
	X509_REQ_free(rq);
	X509V3_EXT_cleanup();
	EXIT(ret);
	}

static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
	     int days)
	     int days, LHASH *conf, char *section)
	{
	int ret=0;
	BIO *io=NULL;
@@ -828,6 +867,14 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
		}
	EVP_PKEY_free(upkey);

	if(conf) {
		X509V3_CTX ctx;
		X509_set_version(x,2); /* version 3 certificate */
                X509V3_set_ctx(&ctx, xca, x, NULL, NULL, 0);
                X509V3_set_conf_lhash(&ctx, conf);
                if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto end;
	}

	if (!X509_sign(x,pkey,digest)) goto end;
	ret=1;
end:
@@ -1014,7 +1061,8 @@ end:
	}

/* self sign */
static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest)
static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest, 
						LHASH *conf, char *section)
	{

	EVP_PKEY *pktmp;
@@ -1035,6 +1083,13 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest)
		goto err;

	if (!X509_set_pubkey(x,pkey)) goto err;
	if(conf) {
		X509V3_CTX ctx;
		X509_set_version(x,2); /* version 3 certificate */
                X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
                X509V3_set_conf_lhash(&ctx, conf);
                if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
	}
	if (!X509_sign(x,pkey,digest)) goto err;
	return(1);
err:
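Review bot: The extension-adding block in sign() (the six lines from `if(conf) {` through the closing brace, ending in `goto err`) duplicates the one added to x509_certify() in the hunk above, differing only in the issuer certificate handed to X509V3_set_ctx and the error label, so any later change to the version bump or the ctx setup has to be made twice; a small static helper taking the issuer would keep the two in step and would also remove the mixed tab/space indentation on the three X509V3_* lines in both copies. Both sign() and x509_certify() continue past their hunks, and the `err:` / `end:` labels they jump to lie outside the hunk. With the helper below, which returns 1 when no config was given, the two blocks reduce to `if (!add_conf_exts(conf, section, xca, x)) goto end;` in x509_certify() and `if (!add_conf_exts(conf, section, x, x)) goto err;` in sign().
```c
/* Add the extensions named by config section `section` to `x`, using
 * `issuer` as the issuing certificate (x itself when self-signing).
 * x is bumped to version 3 first, since extensions only exist in v3.
 * Returns 1 on success (or when conf is NULL), 0 on failure. */
static int add_conf_exts(LHASH *conf, char *section, X509 *issuer, X509 *x)
	{
	X509V3_CTX ctx;
	if (conf == NULL) return(1);
	X509_set_version(x,2); /* version 3 certificate */
	X509V3_set_ctx(&ctx, issuer, x, NULL, NULL, 0);
	X509V3_set_conf_lhash(&ctx, conf);
	return(X509V3_EXT_add_conf(conf, &ctx, section, x));
	}

/* … unchanged: x509_certify() body up to EVP_PKEY_free(upkey) … */
	if (!add_conf_exts(conf, section, xca, x)) goto end;

/* … unchanged: sign() body up to X509_set_pubkey … */
	if (!add_conf_exts(conf, section, x, x)) goto err;
```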
+2 −2
@@ -83,8 +83,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
	int i;
	pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
	if ((pbelu.pbe_nid != NID_undef) && pbe_algs) 
			i = sk_find (pbe_algs, (char *)&pbelu);
	if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
	else i = -1;

	if (i == -1) {
@@ -167,4 +166,5 @@ int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md,
void EVP_PBE_cleanup(void)
{
	sk_pop_free(pbe_algs, FreeFunc);
	pbe_algs = NULL;
}
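Review bot: The rewritten lookup `if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);` drops the `pbe_algs` NULL test that the two removed lines carried, so EVP_PBE_CipherInit() now depends on sk_find() returning -1 for a NULL stack, a guard this same commit adds in stack.c rather than one the function controls locally. A one-line comment would record that coupling for the next reader: `/* sk_find() returns -1 for a NULL pbe_algs (no algorithms registered) */`. The function's opening lines and the `if (i == -1)` error path continue outside the hunk. The `pbe_algs = NULL;` added in EVP_PBE_cleanup() makes a repeated cleanup safe only if sk_pop_free() also tolerates NULL, which this page does not show.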
+4 −1
@@ -135,6 +135,7 @@ int sk_insert(STACK *st, char *data, int loc)
	{
	char **s;

	if(st == NULL) return 0;
	if (st->num_alloc <= st->num+1)
		{
		s=(char **)Realloc((char *)st->data,
@@ -183,7 +184,8 @@ char *sk_delete(STACK *st, int loc)
	char *ret;
	int i,j;

	if ((st->num == 0) || (loc < 0) || (loc >= st->num)) return(NULL);
	if ((st == NULL) || (st->num == 0) || (loc < 0)
					 || (loc >= st->num)) return(NULL);

	ret=st->data[loc];
	if (loc != st->num-1)
@@ -206,6 +208,7 @@ int sk_find(STACK *st, char *data)
	char **r;
	int i;
	int (*comp_func)();
	if(st == NULL) return -1;

	if (st->comp == NULL)
		{
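Review bot: The guards added to sk_insert() (`if(st == NULL) return 0;`) and sk_find() (`if(st == NULL) return -1;`) are written in a different style from the surrounding file, which spaces the keyword and parenthesizes return values as the sk_delete() hunk does with `return(NULL)`; `if (st == NULL) return(0);` and `if (st == NULL) return(-1);` would match. Since a NULL stack now reports "not found" or "failed" instead of faulting, each of the three functions should state that in its comment, e.g. `/* st may be NULL: treated as an empty stack */`, so callers that rely on the new tolerance (evp_pbe.c in this commit does) have something to cite. Each of the three functions continues past its hunk, so whether the remaining sk_* functions received the same guard is not visible here.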