| OLD | NEW |
| 1 /* pkcs12.c */ | 1 /* pkcs12.c */ |
| 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 * project. | 3 * project. |
| 4 */ | 4 */ |
| 5 /* ==================================================================== | 5 /* ==================================================================== |
| 6 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. |
| 7 * | 7 * |
| 8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
| 9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
| 10 * are met: | 10 * are met: |
| (...skipping 50 matching lines...) |
| 61 | 61 |
| 62 #include <stdio.h> | 62 #include <stdio.h> |
| 63 #include <stdlib.h> | 63 #include <stdlib.h> |
| 64 #include <string.h> | 64 #include <string.h> |
| 65 #include "apps.h" | 65 #include "apps.h" |
| 66 #include <openssl/crypto.h> | 66 #include <openssl/crypto.h> |
| 67 #include <openssl/err.h> | 67 #include <openssl/err.h> |
| 68 #include <openssl/pem.h> | 68 #include <openssl/pem.h> |
| 69 #include <openssl/pkcs12.h> | 69 #include <openssl/pkcs12.h> |
| 70 | 70 |
| 71 #ifdef OPENSSL_SYS_NETWARE | |
| 72 /* Rename these functions to avoid name clashes on NetWare OS */ | |
| 73 #define uni2asc OPENSSL_uni2asc | |
| 74 #define asc2uni OPENSSL_asc2uni | |
| 75 #endif | |
| 76 | |
| 77 #define PROG pkcs12_main | 71 #define PROG pkcs12_main |
| 78 | 72 |
| 79 const EVP_CIPHER *enc; | 73 const EVP_CIPHER *enc; |
| 80 | 74 |
| 81 | 75 |
| 82 #define NOKEYS 0x1 | 76 #define NOKEYS 0x1 |
| 83 #define NOCERTS 0x2 | 77 #define NOCERTS 0x2 |
| 84 #define INFO 0x4 | 78 #define INFO 0x4 |
| 85 #define CLCERTS 0x8 | 79 #define CLCERTS 0x8 |
| 86 #define CACERTS 0x10 | 80 #define CACERTS 0x10 |
| 87 | 81 |
| 88 int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain); | 82 int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain); |
| 89 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int opti
ons, char *pempass); | 83 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int opti
ons, char *pempass); |
| 90 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, | 84 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, |
| 91 int passlen, int options, char *pempass); | 85 int passlen, int options, char *pempass); |
| 92 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen
, int options, char *pempass); | 86 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen
, int options, char *pempass); |
| 93 int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); | 87 int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); |
| 94 void hex_prin(BIO *out, unsigned char *buf, int len); | 88 void hex_prin(BIO *out, unsigned char *buf, int len); |
| 95 int alg_print(BIO *x, X509_ALGOR *alg); | 89 int alg_print(BIO *x, X509_ALGOR *alg); |
| 96 int cert_load(BIO *in, STACK_OF(X509) *sk); | 90 int cert_load(BIO *in, STACK_OF(X509) *sk); |
| 91 static int set_pbe(BIO *err, int *ppbe, const char *str); |
| 97 | 92 |
| 98 int MAIN(int, char **); | 93 int MAIN(int, char **); |
| 99 | 94 |
| 100 int MAIN(int argc, char **argv) | 95 int MAIN(int argc, char **argv) |
| 101 { | 96 { |
| 102 ENGINE *e = NULL; | 97 ENGINE *e = NULL; |
| 103 char *infile=NULL, *outfile=NULL, *keyname = NULL; | 98 char *infile=NULL, *outfile=NULL, *keyname = NULL; |
| 104 char *certfile=NULL; | 99 char *certfile=NULL; |
| 105 BIO *in=NULL, *out = NULL; | 100 BIO *in=NULL, *out = NULL; |
| 106 char **args; | 101 char **args; |
| 107 char *name = NULL; | 102 char *name = NULL; |
| 108 char *csp_name = NULL; | 103 char *csp_name = NULL; |
| 109 int add_lmk = 0; | 104 int add_lmk = 0; |
| 110 PKCS12 *p12 = NULL; | 105 PKCS12 *p12 = NULL; |
| 111 char pass[50], macpass[50]; | 106 char pass[50], macpass[50]; |
| 112 int export_cert = 0; | 107 int export_cert = 0; |
| 113 int options = 0; | 108 int options = 0; |
| 114 int chain = 0; | 109 int chain = 0; |
| 115 int badarg = 0; | 110 int badarg = 0; |
| 116 int iter = PKCS12_DEFAULT_ITER; | 111 int iter = PKCS12_DEFAULT_ITER; |
| 117 int maciter = PKCS12_DEFAULT_ITER; | 112 int maciter = PKCS12_DEFAULT_ITER; |
| 118 int twopass = 0; | 113 int twopass = 0; |
| 119 int keytype = 0; | 114 int keytype = 0; |
| 120 int cert_pbe; | 115 int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; |
| 121 int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | 116 int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
| 122 int ret = 1; | 117 int ret = 1; |
| 123 int macver = 1; | 118 int macver = 1; |
| 124 int noprompt = 0; | 119 int noprompt = 0; |
| 125 STACK *canames = NULL; | 120 STACK_OF(OPENSSL_STRING) *canames = NULL; |
| 126 char *cpass = NULL, *mpass = NULL; | 121 char *cpass = NULL, *mpass = NULL; |
| 127 char *passargin = NULL, *passargout = NULL, *passarg = NULL; | 122 char *passargin = NULL, *passargout = NULL, *passarg = NULL; |
| 128 char *passin = NULL, *passout = NULL; | 123 char *passin = NULL, *passout = NULL; |
| 129 char *inrand = NULL; | 124 char *inrand = NULL; |
| 125 char *macalg = NULL; |
| 130 char *CApath = NULL, *CAfile = NULL; | 126 char *CApath = NULL, *CAfile = NULL; |
| 131 #ifndef OPENSSL_NO_ENGINE | 127 #ifndef OPENSSL_NO_ENGINE |
| 132 char *engine=NULL; | 128 char *engine=NULL; |
| 133 #endif | 129 #endif |
| 134 | 130 |
| 135 apps_startup(); | 131 apps_startup(); |
| 136 | 132 |
| 137 #ifdef OPENSSL_FIPS | |
| 138 if (FIPS_mode()) | |
| 139 cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | |
| 140 else | |
| 141 #endif | |
| 142 cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; | |
| 143 | |
| 144 enc = EVP_des_ede3_cbc(); | 133 enc = EVP_des_ede3_cbc(); |
| 145 if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); | 134 if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); |
| 146 | 135 |
| 147 if (!load_config(bio_err, NULL)) | 136 if (!load_config(bio_err, NULL)) |
| 148 goto end; | 137 goto end; |
| 149 | 138 |
| 150 args = argv + 1; | 139 args = argv + 1; |
| 151 | 140 |
| 152 | 141 |
| 153 while (*args) { | 142 while (*args) { |
| (...skipping 30 matching lines...) |
| 184 else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc
(); | 173 else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc
(); |
| 185 else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc
(); | 174 else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc
(); |
| 186 #endif | 175 #endif |
| 187 else if (!strcmp (*args, "-noiter")) iter = 1; | 176 else if (!strcmp (*args, "-noiter")) iter = 1; |
| 188 else if (!strcmp (*args, "-maciter")) | 177 else if (!strcmp (*args, "-maciter")) |
| 189 maciter = PKCS12_DEFAULT_ITER; | 178 maciter = PKCS12_DEFAULT_ITER; |
| 190 else if (!strcmp (*args, "-nomaciter")) | 179 else if (!strcmp (*args, "-nomaciter")) |
| 191 maciter = 1; | 180 maciter = 1; |
| 192 else if (!strcmp (*args, "-nomac")) | 181 else if (!strcmp (*args, "-nomac")) |
| 193 maciter = -1; | 182 maciter = -1; |
| 183 else if (!strcmp (*args, "-macalg")) |
| 184 if (args[1]) { |
| 185 args++; |
| 186 macalg = *args; |
| 187 } else badarg = 1; |
| 194 else if (!strcmp (*args, "-nodes")) enc=NULL; | 188 else if (!strcmp (*args, "-nodes")) enc=NULL; |
| 195 else if (!strcmp (*args, "-certpbe")) { | 189 else if (!strcmp (*args, "-certpbe")) { |
| 196 » » » if (args[1]) { | 190 » » » if (!set_pbe(bio_err, &cert_pbe, *++args)) |
| 197 » » » » args++; | 191 » » » » badarg = 1; |
| 198 » » » » if (!strcmp(*args, "NONE")) | |
| 199 » » » » » cert_pbe = -1; | |
| 200 » » » » else | |
| 201 » » » » » cert_pbe=OBJ_txt2nid(*args); | |
| 202 » » » » if(cert_pbe == NID_undef) { | |
| 203 » » » » » BIO_printf(bio_err, | |
| 204 » » » » » » "Unknown PBE algorithm %s\n", *
args); | |
| 205 » » » » » badarg = 1; | |
| 206 » » » » } | |
| 207 » » » } else badarg = 1; | |
| 208 } else if (!strcmp (*args, "-keypbe")) { | 192 } else if (!strcmp (*args, "-keypbe")) { |
| 209 » » » if (args[1]) { | 193 » » » if (!set_pbe(bio_err, &key_pbe, *++args)) |
| 210 » » » » args++; | 194 » » » » badarg = 1; |
| 211 » » » » if (!strcmp(*args, "NONE")) | |
| 212 » » » » » key_pbe = -1; | |
| 213 » » » » else | |
| 214 » » » » » key_pbe=OBJ_txt2nid(*args); | |
| 215 » » » » if(key_pbe == NID_undef) { | |
| 216 » » » » » BIO_printf(bio_err, | |
| 217 » » » » » » "Unknown PBE algorithm %s\n", *
args); | |
| 218 » » » » » badarg = 1; | |
| 219 » » » » } | |
| 220 » » » } else badarg = 1; | |
| 221 } else if (!strcmp (*args, "-rand")) { | 195 } else if (!strcmp (*args, "-rand")) { |
| 222 if (args[1]) { | 196 if (args[1]) { |
| 223 args++; | 197 args++; |
| 224 inrand = *args; | 198 inrand = *args; |
| 225 } else badarg = 1; | 199 } else badarg = 1; |
| 226 } else if (!strcmp (*args, "-inkey")) { | 200 } else if (!strcmp (*args, "-inkey")) { |
| 227 if (args[1]) { | 201 if (args[1]) { |
| 228 args++; | 202 args++; |
| 229 keyname = *args; | 203 keyname = *args; |
| 230 } else badarg = 1; | 204 } else badarg = 1; |
| (...skipping 10 matching lines...) |
| 241 } else if (!strcmp (*args, "-LMK")) | 215 } else if (!strcmp (*args, "-LMK")) |
| 242 add_lmk = 1; | 216 add_lmk = 1; |
| 243 else if (!strcmp (*args, "-CSP")) { | 217 else if (!strcmp (*args, "-CSP")) { |
| 244 if (args[1]) { | 218 if (args[1]) { |
| 245 args++; | 219 args++; |
| 246 csp_name = *args; | 220 csp_name = *args; |
| 247 } else badarg = 1; | 221 } else badarg = 1; |
| 248 } else if (!strcmp (*args, "-caname")) { | 222 } else if (!strcmp (*args, "-caname")) { |
| 249 if (args[1]) { | 223 if (args[1]) { |
| 250 args++; | 224 args++; |
| 251 » » » if (!canames) canames = sk_new_null(); | 225 » » » if (!canames) canames = sk_OPENSSL_STRING_new_null(); |
| 252 » » » sk_push(canames, *args); | 226 » » » sk_OPENSSL_STRING_push(canames, *args); |
| 253 } else badarg = 1; | 227 } else badarg = 1; |
| 254 } else if (!strcmp (*args, "-in")) { | 228 } else if (!strcmp (*args, "-in")) { |
| 255 if (args[1]) { | 229 if (args[1]) { |
| 256 args++; | 230 args++; |
| 257 infile = *args; | 231 infile = *args; |
| 258 } else badarg = 1; | 232 } else badarg = 1; |
| 259 } else if (!strcmp (*args, "-out")) { | 233 } else if (!strcmp (*args, "-out")) { |
| 260 if (args[1]) { | 234 if (args[1]) { |
| 261 args++; | 235 args++; |
| 262 outfile = *args; | 236 outfile = *args; |
| (...skipping 68 matching lines...) |
| 331 #ifndef OPENSSL_NO_AES | 305 #ifndef OPENSSL_NO_AES |
| 332 BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); | 306 BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); |
| 333 BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); | 307 BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); |
| 334 #endif | 308 #endif |
| 335 #ifndef OPENSSL_NO_CAMELLIA | 309 #ifndef OPENSSL_NO_CAMELLIA |
| 336 BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); | 310 BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); |
| 337 BIO_printf (bio_err, " encrypt PEM output with cbc camellia
\n"); | 311 BIO_printf (bio_err, " encrypt PEM output with cbc camellia
\n"); |
| 338 #endif | 312 #endif |
| 339 BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); | 313 BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); |
| 340 BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); | 314 BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); |
| 315 BIO_printf (bio_err, "-nomaciter don't use MAC iteration\n"); |
| 341 BIO_printf (bio_err, "-maciter use MAC iteration\n"); | 316 BIO_printf (bio_err, "-maciter use MAC iteration\n"); |
| 317 BIO_printf (bio_err, "-nomac don't generate MAC\n"); |
| 342 BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n
"); | 318 BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n
"); |
| 343 BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with tr
iple DES (default RC2-40)\n"); | 319 BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with tr
iple DES (default RC2-40)\n"); |
| 344 BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (d
efault RC2-40)\n"); | 320 BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (d
efault RC2-40)\n"); |
| 345 BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (d
efault 3DES)\n"); | 321 BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (d
efault 3DES)\n"); |
| 322 BIO_printf (bio_err, "-macalg alg digest algorithm used in MAC (defaul
t SHA1)\n"); |
| 346 BIO_printf (bio_err, "-keyex set MS key exchange type\n"); | 323 BIO_printf (bio_err, "-keyex set MS key exchange type\n"); |
| 347 BIO_printf (bio_err, "-keysig set MS key signature type\n"); | 324 BIO_printf (bio_err, "-keysig set MS key signature type\n"); |
| 348 BIO_printf (bio_err, "-password p set import/export password source\n"
); | 325 BIO_printf (bio_err, "-password p set import/export password source\n"
); |
| 349 BIO_printf (bio_err, "-passin p input file pass phrase source\n"); | 326 BIO_printf (bio_err, "-passin p input file pass phrase source\n"); |
| 350 BIO_printf (bio_err, "-passout p output file pass phrase source\n"); | 327 BIO_printf (bio_err, "-passout p output file pass phrase source\n"); |
| 351 #ifndef OPENSSL_NO_ENGINE | 328 #ifndef OPENSSL_NO_ENGINE |
| 352 BIO_printf (bio_err, "-engine e use engine e, possibly a hardware de
vice.\n"); | 329 BIO_printf (bio_err, "-engine e use engine e, possibly a hardware de
vice.\n"); |
| 353 #endif | 330 #endif |
| 354 BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIS
T_SEPARATOR_CHAR); | 331 BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIS
T_SEPARATOR_CHAR); |
| 355 BIO_printf(bio_err, " load the file (or the files in the d
irectory) into\n"); | 332 BIO_printf(bio_err, " load the file (or the files in the d
irectory) into\n"); |
| 356 BIO_printf(bio_err, " the random number generator\n"); | 333 BIO_printf(bio_err, " the random number generator\n"); |
| 357 » BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); | 334 » BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); |
| 358 » BIO_printf(bio_err, "-LMK Add local machine keyset attribute t
o private key\n"); | 335 » BIO_printf(bio_err, "-LMK Add local machine keyset attribute t
o private key\n"); |
| 359 goto end; | 336 goto end; |
| 360 } | 337 } |
| 361 | 338 |
| 362 #ifndef OPENSSL_NO_ENGINE | 339 #ifndef OPENSSL_NO_ENGINE |
| 363 e = setup_engine(bio_err, engine, 0); | 340 e = setup_engine(bio_err, engine, 0); |
| 364 #endif | 341 #endif |
| 365 | 342 |
| 366 if(passarg) { | 343 if(passarg) { |
| 367 if(export_cert) passargout = passarg; | 344 if(export_cert) passargout = passarg; |
| 368 else passargin = passarg; | 345 else passargin = passarg; |
| (...skipping 69 matching lines...) |
| 438 } | 415 } |
| 439 #ifdef CRYPTO_MDEBUG | 416 #ifdef CRYPTO_MDEBUG |
| 440 CRYPTO_pop_info(); | 417 CRYPTO_pop_info(); |
| 441 #endif | 418 #endif |
| 442 } | 419 } |
| 443 | 420 |
| 444 if (export_cert) { | 421 if (export_cert) { |
| 445 EVP_PKEY *key = NULL; | 422 EVP_PKEY *key = NULL; |
| 446 X509 *ucert = NULL, *x = NULL; | 423 X509 *ucert = NULL, *x = NULL; |
| 447 STACK_OF(X509) *certs=NULL; | 424 STACK_OF(X509) *certs=NULL; |
| 425 const EVP_MD *macmd = NULL; |
| 448 unsigned char *catmp = NULL; | 426 unsigned char *catmp = NULL; |
| 449 int i; | 427 int i; |
| 450 | 428 |
| 451 if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS)) | 429 if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS)) |
| 452 { | 430 { |
| 453 BIO_printf(bio_err, "Nothing to do!\n"); | 431 BIO_printf(bio_err, "Nothing to do!\n"); |
| 454 goto export_end; | 432 goto export_end; |
| 455 } | 433 } |
| 456 | 434 |
| 457 if (options & NOCERTS) | 435 if (options & NOCERTS) |
| (...skipping 106 matching lines...) |
| 564 BIO_printf (bio_err, "Error %s getting chain.\n"
, | 542 BIO_printf (bio_err, "Error %s getting chain.\n"
, |
| 565 X509_verify_cert_error_string(vret)); | 543 X509_verify_cert_error_string(vret)); |
| 566 else | 544 else |
| 567 ERR_print_errors(bio_err); | 545 ERR_print_errors(bio_err); |
| 568 goto export_end; | 546 goto export_end; |
| 569 } | 547 } |
| 570 } | 548 } |
| 571 | 549 |
| 572 /* Add any CA names */ | 550 /* Add any CA names */ |
| 573 | 551 |
| 574 » for (i = 0; i < sk_num(canames); i++) | 552 » for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) |
| 575 { | 553 { |
| 576 » » catmp = (unsigned char *)sk_value(canames, i); | 554 » » catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i); |
| 577 X509_alias_set1(sk_X509_value(certs, i), catmp, -1); | 555 X509_alias_set1(sk_X509_value(certs, i), catmp, -1); |
| 578 } | 556 } |
| 579 | 557 |
| 580 if (csp_name && key) | 558 if (csp_name && key) |
| 581 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, | 559 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, |
| 582 MBSTRING_ASC, (unsigned char *)csp_name, -1); | 560 MBSTRING_ASC, (unsigned char *)csp_name, -1); |
| 583 | 561 |
| 584 if (add_lmk && key) | 562 if (add_lmk && key) |
| 585 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); | 563 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); |
| 586 | 564 |
| (...skipping 17 matching lines...) |
| 604 | 582 |
| 605 p12 = PKCS12_create(cpass, name, key, ucert, certs, | 583 p12 = PKCS12_create(cpass, name, key, ucert, certs, |
| 606 key_pbe, cert_pbe, iter, -1, keytype); | 584 key_pbe, cert_pbe, iter, -1, keytype); |
| 607 | 585 |
| 608 if (!p12) | 586 if (!p12) |
| 609 { | 587 { |
| 610 ERR_print_errors (bio_err); | 588 ERR_print_errors (bio_err); |
| 611 goto export_end; | 589 goto export_end; |
| 612 } | 590 } |
| 613 | 591 |
| 592 if (macalg) |
| 593 { |
| 594 macmd = EVP_get_digestbyname(macalg); |
| 595 if (!macmd) |
| 596 { |
| 597 BIO_printf(bio_err, "Unknown digest algorithm %s\n", |
| 598 macalg); |
| 599 } |
| 600 } |
| 601 |
| 614 if (maciter != -1) | 602 if (maciter != -1) |
| 615 » » PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL); | 603 » » PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd); |
| 616 | 604 |
| 617 #ifdef CRYPTO_MDEBUG | 605 #ifdef CRYPTO_MDEBUG |
| 618 CRYPTO_pop_info(); | 606 CRYPTO_pop_info(); |
| 619 CRYPTO_push_info("writing pkcs12"); | 607 CRYPTO_push_info("writing pkcs12"); |
| 620 #endif | 608 #endif |
| 621 | 609 |
| 622 i2d_PKCS12_bio(out, p12); | 610 i2d_PKCS12_bio(out, p12); |
| 623 | 611 |
| 624 ret = 0; | 612 ret = 0; |
| 625 | 613 |
| (...skipping 26 matching lines...) |
| 652 if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password
:", 0)) { | 640 if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password
:", 0)) { |
| 653 BIO_printf (bio_err, "Can't read Password\n"); | 641 BIO_printf (bio_err, "Can't read Password\n"); |
| 654 goto end; | 642 goto end; |
| 655 } | 643 } |
| 656 #ifdef CRYPTO_MDEBUG | 644 #ifdef CRYPTO_MDEBUG |
| 657 CRYPTO_pop_info(); | 645 CRYPTO_pop_info(); |
| 658 #endif | 646 #endif |
| 659 | 647 |
| 660 if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); | 648 if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); |
| 661 | 649 |
| 662 if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->it
er ? ASN1_INTEGER_get (p12->mac->iter) : 1); | 650 if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n"
, p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); |
| 663 if(macver) { | 651 if(macver) { |
| 664 #ifdef CRYPTO_MDEBUG | 652 #ifdef CRYPTO_MDEBUG |
| 665 CRYPTO_push_info("verify MAC"); | 653 CRYPTO_push_info("verify MAC"); |
| 666 #endif | 654 #endif |
| 667 /* If we enter empty password try no password first */ | 655 /* If we enter empty password try no password first */ |
| 668 if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { | 656 if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { |
| 669 /* If mac and crypto pass the same set it to NULL too */ | 657 /* If mac and crypto pass the same set it to NULL too */ |
| 670 if(!twopass) cpass = NULL; | 658 if(!twopass) cpass = NULL; |
| 671 } else if (!PKCS12_verify_mac(p12, mpass, -1)) { | 659 } else if (!PKCS12_verify_mac(p12, mpass, -1)) { |
| 672 BIO_printf (bio_err, "Mac verify error: invalid password?\n"); | 660 BIO_printf (bio_err, "Mac verify error: invalid password?\n"); |
| (...skipping 19 matching lines...) |
| 692 #endif | 680 #endif |
| 693 ret = 0; | 681 ret = 0; |
| 694 end: | 682 end: |
| 695 if (p12) PKCS12_free(p12); | 683 if (p12) PKCS12_free(p12); |
| 696 if(export_cert || inrand) app_RAND_write_file(NULL, bio_err); | 684 if(export_cert || inrand) app_RAND_write_file(NULL, bio_err); |
| 697 #ifdef CRYPTO_MDEBUG | 685 #ifdef CRYPTO_MDEBUG |
| 698 CRYPTO_remove_all_info(); | 686 CRYPTO_remove_all_info(); |
| 699 #endif | 687 #endif |
| 700 BIO_free(in); | 688 BIO_free(in); |
| 701 BIO_free_all(out); | 689 BIO_free_all(out); |
| 702 if (canames) sk_free(canames); | 690 if (canames) sk_OPENSSL_STRING_free(canames); |
| 703 if(passin) OPENSSL_free(passin); | 691 if(passin) OPENSSL_free(passin); |
| 704 if(passout) OPENSSL_free(passout); | 692 if(passout) OPENSSL_free(passout); |
| 705 apps_shutdown(); | 693 apps_shutdown(); |
| 706 OPENSSL_EXIT(ret); | 694 OPENSSL_EXIT(ret); |
| 707 } | 695 } |
| 708 | 696 |
| 709 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, | 697 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, |
| 710 int passlen, int options, char *pempass) | 698 int passlen, int options, char *pempass) |
| 711 { | 699 { |
| 712 STACK_OF(PKCS7) *asafes = NULL; | 700 STACK_OF(PKCS7) *asafes = NULL; |
| (...skipping 215 matching lines...) |
| 928 BIO_printf(out, " "); | 916 BIO_printf(out, " "); |
| 929 if(attr_nid == NID_undef) { | 917 if(attr_nid == NID_undef) { |
| 930 i2a_ASN1_OBJECT (out, attr->object); | 918 i2a_ASN1_OBJECT (out, attr->object); |
| 931 BIO_printf(out, ": "); | 919 BIO_printf(out, ": "); |
| 932 } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); | 920 } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); |
| 933 | 921 |
| 934 if(sk_ASN1_TYPE_num(attr->value.set)) { | 922 if(sk_ASN1_TYPE_num(attr->value.set)) { |
| 935 av = sk_ASN1_TYPE_value(attr->value.set, 0); | 923 av = sk_ASN1_TYPE_value(attr->value.set, 0); |
| 936 switch(av->type) { | 924 switch(av->type) { |
| 937 case V_ASN1_BMPSTRING: | 925 case V_ASN1_BMPSTRING: |
| 938 » » » value = uni2asc(av->value.bmpstring->data, | 926 » » » value = OPENSSL_uni2asc(av->value.bmpstring->dat
a, |
| 939 av->value.bmpstring->length); | 927 av->value.bmpstring->length); |
| 940 BIO_printf(out, "%s\n", value); | 928 BIO_printf(out, "%s\n", value); |
| 941 OPENSSL_free(value); | 929 OPENSSL_free(value); |
| 942 break; | 930 break; |
| 943 | 931 |
| 944 case V_ASN1_OCTET_STRING: | 932 case V_ASN1_OCTET_STRING: |
| 945 hex_prin(out, av->value.octet_string->data, | 933 hex_prin(out, av->value.octet_string->data, |
| 946 av->value.octet_string->length); | 934 av->value.octet_string->length); |
| 947 BIO_printf(out, "\n"); | 935 BIO_printf(out, "\n"); |
| 948 break; | 936 break; |
| (...skipping 12 matching lines...) |
| 961 } | 949 } |
| 962 return 1; | 950 return 1; |
| 963 } | 951 } |
| 964 | 952 |
| 965 void hex_prin(BIO *out, unsigned char *buf, int len) | 953 void hex_prin(BIO *out, unsigned char *buf, int len) |
| 966 { | 954 { |
| 967 int i; | 955 int i; |
| 968 for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]); | 956 for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]); |
| 969 } | 957 } |
| 970 | 958 |
| 959 static int set_pbe(BIO *err, int *ppbe, const char *str) |
| 960 { |
| 961 if (!str) |
| 962 return 0; |
| 963 if (!strcmp(str, "NONE")) |
| 964 { |
| 965 *ppbe = -1; |
| 966 return 1; |
| 967 } |
| 968 *ppbe=OBJ_txt2nid(str); |
| 969 if (*ppbe == NID_undef) |
| 970 { |
| 971 BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str); |
| 972 return 0; |
| 973 } |
| 974 return 1; |
| 975 } |
| 976 |
| 971 #endif | 977 #endif |
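Review bot: An unrecognised `-macalg` name is reported but not treated as an error: in the new `if (macalg)` block (new lines 592-600) the `!macmd` branch only prints "Unknown digest algorithm" and falls through, so `PKCS12_set_mac` is called with `macmd == NULL` (the SHA1 default, per the usage text) and the export still ends with `ret = 0`. A mistyped digest therefore silently produces a file whose MAC uses the default digest rather than the one requested; adding `goto export_end;` after that `BIO_printf` makes the command fail instead. Separately, the `-certpbe` and `-keypbe` branches now evaluate `*++args` without the old `if (args[1])` guard, so `args` is left on argv's NULL terminator when the value is missing. If the loop tail (not shown in this view) advances `args` again, the next `*args` test reads past the array; `if (!args[1] || !set_pbe(bio_err, &cert_pbe, *++args)) badarg = 1;` keeps the guard, and likewise for `key_pbe`.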
| OLD | NEW |