OLD | NEW |
1 /* pkcs12.c */ | 1 /* pkcs12.c */ |
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 * project. | 3 * project. |
4 */ | 4 */ |
5 /* ==================================================================== | 5 /* ==================================================================== |
6 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. |
7 * | 7 * |
8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
10 * are met: | 10 * are met: |
(...skipping 50 matching lines...)
61 | 61 |
62 #include <stdio.h> | 62 #include <stdio.h> |
63 #include <stdlib.h> | 63 #include <stdlib.h> |
64 #include <string.h> | 64 #include <string.h> |
65 #include "apps.h" | 65 #include "apps.h" |
66 #include <openssl/crypto.h> | 66 #include <openssl/crypto.h> |
67 #include <openssl/err.h> | 67 #include <openssl/err.h> |
68 #include <openssl/pem.h> | 68 #include <openssl/pem.h> |
69 #include <openssl/pkcs12.h> | 69 #include <openssl/pkcs12.h> |
70 | 70 |
71 #ifdef OPENSSL_SYS_NETWARE | |
72 /* Rename these functions to avoid name clashes on NetWare OS */ | |
73 #define uni2asc OPENSSL_uni2asc | |
74 #define asc2uni OPENSSL_asc2uni | |
75 #endif | |
76 | |
77 #define PROG pkcs12_main | 71 #define PROG pkcs12_main |
78 | 72 |
79 const EVP_CIPHER *enc; | 73 const EVP_CIPHER *enc; |
80 | 74 |
81 | 75 |
82 #define NOKEYS 0x1 | 76 #define NOKEYS 0x1 |
83 #define NOCERTS 0x2 | 77 #define NOCERTS 0x2 |
84 #define INFO 0x4 | 78 #define INFO 0x4 |
85 #define CLCERTS 0x8 | 79 #define CLCERTS 0x8 |
86 #define CACERTS 0x10 | 80 #define CACERTS 0x10 |
87 | 81 |
88 int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain); | 82 int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain); |
89 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int opti
ons, char *pempass); | 83 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int opti
ons, char *pempass); |
90 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, | 84 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, |
91 int passlen, int options, char *pempass); | 85 int passlen, int options, char *pempass); |
92 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen
, int options, char *pempass); | 86 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen
, int options, char *pempass); |
93 int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); | 87 int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); |
94 void hex_prin(BIO *out, unsigned char *buf, int len); | 88 void hex_prin(BIO *out, unsigned char *buf, int len); |
95 int alg_print(BIO *x, X509_ALGOR *alg); | 89 int alg_print(BIO *x, X509_ALGOR *alg); |
96 int cert_load(BIO *in, STACK_OF(X509) *sk); | 90 int cert_load(BIO *in, STACK_OF(X509) *sk); |
| 91 static int set_pbe(BIO *err, int *ppbe, const char *str); |
97 | 92 |
98 int MAIN(int, char **); | 93 int MAIN(int, char **); |
99 | 94 |
100 int MAIN(int argc, char **argv) | 95 int MAIN(int argc, char **argv) |
101 { | 96 { |
102 ENGINE *e = NULL; | 97 ENGINE *e = NULL; |
103 char *infile=NULL, *outfile=NULL, *keyname = NULL; | 98 char *infile=NULL, *outfile=NULL, *keyname = NULL; |
104 char *certfile=NULL; | 99 char *certfile=NULL; |
105 BIO *in=NULL, *out = NULL; | 100 BIO *in=NULL, *out = NULL; |
106 char **args; | 101 char **args; |
107 char *name = NULL; | 102 char *name = NULL; |
108 char *csp_name = NULL; | 103 char *csp_name = NULL; |
109 int add_lmk = 0; | 104 int add_lmk = 0; |
110 PKCS12 *p12 = NULL; | 105 PKCS12 *p12 = NULL; |
111 char pass[50], macpass[50]; | 106 char pass[50], macpass[50]; |
112 int export_cert = 0; | 107 int export_cert = 0; |
113 int options = 0; | 108 int options = 0; |
114 int chain = 0; | 109 int chain = 0; |
115 int badarg = 0; | 110 int badarg = 0; |
116 int iter = PKCS12_DEFAULT_ITER; | 111 int iter = PKCS12_DEFAULT_ITER; |
117 int maciter = PKCS12_DEFAULT_ITER; | 112 int maciter = PKCS12_DEFAULT_ITER; |
118 int twopass = 0; | 113 int twopass = 0; |
119 int keytype = 0; | 114 int keytype = 0; |
120 int cert_pbe; | 115 int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; |
121 int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | 116 int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
122 int ret = 1; | 117 int ret = 1; |
123 int macver = 1; | 118 int macver = 1; |
124 int noprompt = 0; | 119 int noprompt = 0; |
125 STACK *canames = NULL; | 120 STACK_OF(OPENSSL_STRING) *canames = NULL; |
126 char *cpass = NULL, *mpass = NULL; | 121 char *cpass = NULL, *mpass = NULL; |
127 char *passargin = NULL, *passargout = NULL, *passarg = NULL; | 122 char *passargin = NULL, *passargout = NULL, *passarg = NULL; |
128 char *passin = NULL, *passout = NULL; | 123 char *passin = NULL, *passout = NULL; |
129 char *inrand = NULL; | 124 char *inrand = NULL; |
| 125 char *macalg = NULL; |
130 char *CApath = NULL, *CAfile = NULL; | 126 char *CApath = NULL, *CAfile = NULL; |
131 #ifndef OPENSSL_NO_ENGINE | 127 #ifndef OPENSSL_NO_ENGINE |
132 char *engine=NULL; | 128 char *engine=NULL; |
133 #endif | 129 #endif |
134 | 130 |
135 apps_startup(); | 131 apps_startup(); |
136 | 132 |
137 #ifdef OPENSSL_FIPS | |
138 if (FIPS_mode()) | |
139 cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | |
140 else | |
141 #endif | |
142 cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; | |
143 | |
144 enc = EVP_des_ede3_cbc(); | 133 enc = EVP_des_ede3_cbc(); |
145 if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); | 134 if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); |
146 | 135 |
147 if (!load_config(bio_err, NULL)) | 136 if (!load_config(bio_err, NULL)) |
148 goto end; | 137 goto end; |
149 | 138 |
150 args = argv + 1; | 139 args = argv + 1; |
151 | 140 |
152 | 141 |
153 while (*args) { | 142 while (*args) { |
(...skipping 30 matching lines...)
184 else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc
(); | 173 else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc
(); |
185 else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc
(); | 174 else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc
(); |
186 #endif | 175 #endif |
187 else if (!strcmp (*args, "-noiter")) iter = 1; | 176 else if (!strcmp (*args, "-noiter")) iter = 1; |
188 else if (!strcmp (*args, "-maciter")) | 177 else if (!strcmp (*args, "-maciter")) |
189 maciter = PKCS12_DEFAULT_ITER; | 178 maciter = PKCS12_DEFAULT_ITER; |
190 else if (!strcmp (*args, "-nomaciter")) | 179 else if (!strcmp (*args, "-nomaciter")) |
191 maciter = 1; | 180 maciter = 1; |
192 else if (!strcmp (*args, "-nomac")) | 181 else if (!strcmp (*args, "-nomac")) |
193 maciter = -1; | 182 maciter = -1; |
| 183 else if (!strcmp (*args, "-macalg")) |
| 184 if (args[1]) { |
| 185 args++; |
| 186 macalg = *args; |
| 187 } else badarg = 1; |
194 else if (!strcmp (*args, "-nodes")) enc=NULL; | 188 else if (!strcmp (*args, "-nodes")) enc=NULL; |
195 else if (!strcmp (*args, "-certpbe")) { | 189 else if (!strcmp (*args, "-certpbe")) { |
196 » » » if (args[1]) { | 190 » » » if (!set_pbe(bio_err, &cert_pbe, *++args)) |
197 » » » » args++; | 191 » » » » badarg = 1; |
198 » » » » if (!strcmp(*args, "NONE")) | |
199 » » » » » cert_pbe = -1; | |
200 » » » » else | |
201 » » » » » cert_pbe=OBJ_txt2nid(*args); | |
202 » » » » if(cert_pbe == NID_undef) { | |
203 » » » » » BIO_printf(bio_err, | |
204 » » » » » » "Unknown PBE algorithm %s\n", *
args); | |
205 » » » » » badarg = 1; | |
206 » » » » } | |
207 » » » } else badarg = 1; | |
208 } else if (!strcmp (*args, "-keypbe")) { | 192 } else if (!strcmp (*args, "-keypbe")) { |
209 » » » if (args[1]) { | 193 » » » if (!set_pbe(bio_err, &key_pbe, *++args)) |
210 » » » » args++; | 194 » » » » badarg = 1; |
211 » » » » if (!strcmp(*args, "NONE")) | |
212 » » » » » key_pbe = -1; | |
213 » » » » else | |
214 » » » » » key_pbe=OBJ_txt2nid(*args); | |
215 » » » » if(key_pbe == NID_undef) { | |
216 » » » » » BIO_printf(bio_err, | |
217 » » » » » » "Unknown PBE algorithm %s\n", *
args); | |
218 » » » » » badarg = 1; | |
219 » » » » } | |
220 » » » } else badarg = 1; | |
221 } else if (!strcmp (*args, "-rand")) { | 195 } else if (!strcmp (*args, "-rand")) { |
222 if (args[1]) { | 196 if (args[1]) { |
223 args++; | 197 args++; |
224 inrand = *args; | 198 inrand = *args; |
225 } else badarg = 1; | 199 } else badarg = 1; |
226 } else if (!strcmp (*args, "-inkey")) { | 200 } else if (!strcmp (*args, "-inkey")) { |
227 if (args[1]) { | 201 if (args[1]) { |
228 args++; | 202 args++; |
229 keyname = *args; | 203 keyname = *args; |
230 } else badarg = 1; | 204 } else badarg = 1; |
(...skipping 10 matching lines...)
241 } else if (!strcmp (*args, "-LMK")) | 215 } else if (!strcmp (*args, "-LMK")) |
242 add_lmk = 1; | 216 add_lmk = 1; |
243 else if (!strcmp (*args, "-CSP")) { | 217 else if (!strcmp (*args, "-CSP")) { |
244 if (args[1]) { | 218 if (args[1]) { |
245 args++; | 219 args++; |
246 csp_name = *args; | 220 csp_name = *args; |
247 } else badarg = 1; | 221 } else badarg = 1; |
248 } else if (!strcmp (*args, "-caname")) { | 222 } else if (!strcmp (*args, "-caname")) { |
249 if (args[1]) { | 223 if (args[1]) { |
250 args++; | 224 args++; |
251 » » » if (!canames) canames = sk_new_null(); | 225 » » » if (!canames) canames = sk_OPENSSL_STRING_new_null(); |
252 » » » sk_push(canames, *args); | 226 » » » sk_OPENSSL_STRING_push(canames, *args); |
253 } else badarg = 1; | 227 } else badarg = 1; |
254 } else if (!strcmp (*args, "-in")) { | 228 } else if (!strcmp (*args, "-in")) { |
255 if (args[1]) { | 229 if (args[1]) { |
256 args++; | 230 args++; |
257 infile = *args; | 231 infile = *args; |
258 } else badarg = 1; | 232 } else badarg = 1; |
259 } else if (!strcmp (*args, "-out")) { | 233 } else if (!strcmp (*args, "-out")) { |
260 if (args[1]) { | 234 if (args[1]) { |
261 args++; | 235 args++; |
262 outfile = *args; | 236 outfile = *args; |
(...skipping 68 matching lines...)
331 #ifndef OPENSSL_NO_AES | 305 #ifndef OPENSSL_NO_AES |
332 BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); | 306 BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); |
333 BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); | 307 BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); |
334 #endif | 308 #endif |
335 #ifndef OPENSSL_NO_CAMELLIA | 309 #ifndef OPENSSL_NO_CAMELLIA |
336 BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); | 310 BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); |
337 BIO_printf (bio_err, " encrypt PEM output with cbc camellia
\n"); | 311 BIO_printf (bio_err, " encrypt PEM output with cbc camellia
\n"); |
338 #endif | 312 #endif |
339 BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); | 313 BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); |
340 BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); | 314 BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); |
| 315 BIO_printf (bio_err, "-nomaciter don't use MAC iteration\n"); |
341 BIO_printf (bio_err, "-maciter use MAC iteration\n"); | 316 BIO_printf (bio_err, "-maciter use MAC iteration\n"); |
| 317 BIO_printf (bio_err, "-nomac don't generate MAC\n"); |
342 BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n
"); | 318 BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n
"); |
343 BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with tr
iple DES (default RC2-40)\n"); | 319 BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with tr
iple DES (default RC2-40)\n"); |
344 BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (d
efault RC2-40)\n"); | 320 BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (d
efault RC2-40)\n"); |
345 BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (d
efault 3DES)\n"); | 321 BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (d
efault 3DES)\n"); |
| 322 BIO_printf (bio_err, "-macalg alg digest algorithm used in MAC (defaul
t SHA1)\n"); |
346 BIO_printf (bio_err, "-keyex set MS key exchange type\n"); | 323 BIO_printf (bio_err, "-keyex set MS key exchange type\n"); |
347 BIO_printf (bio_err, "-keysig set MS key signature type\n"); | 324 BIO_printf (bio_err, "-keysig set MS key signature type\n"); |
348 BIO_printf (bio_err, "-password p set import/export password source\n"
); | 325 BIO_printf (bio_err, "-password p set import/export password source\n"
); |
349 BIO_printf (bio_err, "-passin p input file pass phrase source\n"); | 326 BIO_printf (bio_err, "-passin p input file pass phrase source\n"); |
350 BIO_printf (bio_err, "-passout p output file pass phrase source\n"); | 327 BIO_printf (bio_err, "-passout p output file pass phrase source\n"); |
351 #ifndef OPENSSL_NO_ENGINE | 328 #ifndef OPENSSL_NO_ENGINE |
352 BIO_printf (bio_err, "-engine e use engine e, possibly a hardware de
vice.\n"); | 329 BIO_printf (bio_err, "-engine e use engine e, possibly a hardware de
vice.\n"); |
353 #endif | 330 #endif |
354 BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIS
T_SEPARATOR_CHAR); | 331 BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIS
T_SEPARATOR_CHAR); |
355 BIO_printf(bio_err, " load the file (or the files in the d
irectory) into\n"); | 332 BIO_printf(bio_err, " load the file (or the files in the d
irectory) into\n"); |
356 BIO_printf(bio_err, " the random number generator\n"); | 333 BIO_printf(bio_err, " the random number generator\n"); |
357 » BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); | 334 » BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); |
358 » BIO_printf(bio_err, "-LMK Add local machine keyset attribute t
o private key\n"); | 335 » BIO_printf(bio_err, "-LMK Add local machine keyset attribute t
o private key\n"); |
359 goto end; | 336 goto end; |
360 } | 337 } |
361 | 338 |
362 #ifndef OPENSSL_NO_ENGINE | 339 #ifndef OPENSSL_NO_ENGINE |
363 e = setup_engine(bio_err, engine, 0); | 340 e = setup_engine(bio_err, engine, 0); |
364 #endif | 341 #endif |
365 | 342 |
366 if(passarg) { | 343 if(passarg) { |
367 if(export_cert) passargout = passarg; | 344 if(export_cert) passargout = passarg; |
368 else passargin = passarg; | 345 else passargin = passarg; |
(...skipping 69 matching lines...)
438 } | 415 } |
439 #ifdef CRYPTO_MDEBUG | 416 #ifdef CRYPTO_MDEBUG |
440 CRYPTO_pop_info(); | 417 CRYPTO_pop_info(); |
441 #endif | 418 #endif |
442 } | 419 } |
443 | 420 |
444 if (export_cert) { | 421 if (export_cert) { |
445 EVP_PKEY *key = NULL; | 422 EVP_PKEY *key = NULL; |
446 X509 *ucert = NULL, *x = NULL; | 423 X509 *ucert = NULL, *x = NULL; |
447 STACK_OF(X509) *certs=NULL; | 424 STACK_OF(X509) *certs=NULL; |
| 425 const EVP_MD *macmd = NULL; |
448 unsigned char *catmp = NULL; | 426 unsigned char *catmp = NULL; |
449 int i; | 427 int i; |
450 | 428 |
451 if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS)) | 429 if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS)) |
452 { | 430 { |
453 BIO_printf(bio_err, "Nothing to do!\n"); | 431 BIO_printf(bio_err, "Nothing to do!\n"); |
454 goto export_end; | 432 goto export_end; |
455 } | 433 } |
456 | 434 |
457 if (options & NOCERTS) | 435 if (options & NOCERTS) |
(...skipping 106 matching lines...)
564 BIO_printf (bio_err, "Error %s getting chain.\n"
, | 542 BIO_printf (bio_err, "Error %s getting chain.\n"
, |
565 X509_verify_cert_error_string(vret)); | 543 X509_verify_cert_error_string(vret)); |
566 else | 544 else |
567 ERR_print_errors(bio_err); | 545 ERR_print_errors(bio_err); |
568 goto export_end; | 546 goto export_end; |
569 } | 547 } |
570 } | 548 } |
571 | 549 |
572 /* Add any CA names */ | 550 /* Add any CA names */ |
573 | 551 |
574 » for (i = 0; i < sk_num(canames); i++) | 552 » for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) |
575 { | 553 { |
576 » » catmp = (unsigned char *)sk_value(canames, i); | 554 » » catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i); |
577 X509_alias_set1(sk_X509_value(certs, i), catmp, -1); | 555 X509_alias_set1(sk_X509_value(certs, i), catmp, -1); |
578 } | 556 } |
579 | 557 |
580 if (csp_name && key) | 558 if (csp_name && key) |
581 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, | 559 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, |
582 MBSTRING_ASC, (unsigned char *)csp_name, -1); | 560 MBSTRING_ASC, (unsigned char *)csp_name, -1); |
583 | 561 |
584 if (add_lmk && key) | 562 if (add_lmk && key) |
585 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); | 563 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); |
586 | 564 |
(...skipping 17 matching lines...)
604 | 582 |
605 p12 = PKCS12_create(cpass, name, key, ucert, certs, | 583 p12 = PKCS12_create(cpass, name, key, ucert, certs, |
606 key_pbe, cert_pbe, iter, -1, keytype); | 584 key_pbe, cert_pbe, iter, -1, keytype); |
607 | 585 |
608 if (!p12) | 586 if (!p12) |
609 { | 587 { |
610 ERR_print_errors (bio_err); | 588 ERR_print_errors (bio_err); |
611 goto export_end; | 589 goto export_end; |
612 } | 590 } |
613 | 591 |
| 592 if (macalg) |
| 593 { |
| 594 macmd = EVP_get_digestbyname(macalg); |
| 595 if (!macmd) |
| 596 { |
| 597 BIO_printf(bio_err, "Unknown digest algorithm %s\n", |
| 598 macalg); |
| 599 } |
| 600 } |
| 601 |
614 if (maciter != -1) | 602 if (maciter != -1) |
615 » » PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL); | 603 » » PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd); |
616 | 604 |
617 #ifdef CRYPTO_MDEBUG | 605 #ifdef CRYPTO_MDEBUG |
618 CRYPTO_pop_info(); | 606 CRYPTO_pop_info(); |
619 CRYPTO_push_info("writing pkcs12"); | 607 CRYPTO_push_info("writing pkcs12"); |
620 #endif | 608 #endif |
621 | 609 |
622 i2d_PKCS12_bio(out, p12); | 610 i2d_PKCS12_bio(out, p12); |
623 | 611 |
624 ret = 0; | 612 ret = 0; |
625 | 613 |
(...skipping 26 matching lines...)
652 if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password
:", 0)) { | 640 if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password
:", 0)) { |
653 BIO_printf (bio_err, "Can't read Password\n"); | 641 BIO_printf (bio_err, "Can't read Password\n"); |
654 goto end; | 642 goto end; |
655 } | 643 } |
656 #ifdef CRYPTO_MDEBUG | 644 #ifdef CRYPTO_MDEBUG |
657 CRYPTO_pop_info(); | 645 CRYPTO_pop_info(); |
658 #endif | 646 #endif |
659 | 647 |
660 if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); | 648 if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); |
661 | 649 |
662 if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->it
er ? ASN1_INTEGER_get (p12->mac->iter) : 1); | 650 if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n"
, p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); |
663 if(macver) { | 651 if(macver) { |
664 #ifdef CRYPTO_MDEBUG | 652 #ifdef CRYPTO_MDEBUG |
665 CRYPTO_push_info("verify MAC"); | 653 CRYPTO_push_info("verify MAC"); |
666 #endif | 654 #endif |
667 /* If we enter empty password try no password first */ | 655 /* If we enter empty password try no password first */ |
668 if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { | 656 if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { |
669 /* If mac and crypto pass the same set it to NULL too */ | 657 /* If mac and crypto pass the same set it to NULL too */ |
670 if(!twopass) cpass = NULL; | 658 if(!twopass) cpass = NULL; |
671 } else if (!PKCS12_verify_mac(p12, mpass, -1)) { | 659 } else if (!PKCS12_verify_mac(p12, mpass, -1)) { |
672 BIO_printf (bio_err, "Mac verify error: invalid password?\n"); | 660 BIO_printf (bio_err, "Mac verify error: invalid password?\n"); |
(...skipping 19 matching lines...)
692 #endif | 680 #endif |
693 ret = 0; | 681 ret = 0; |
694 end: | 682 end: |
695 if (p12) PKCS12_free(p12); | 683 if (p12) PKCS12_free(p12); |
696 if(export_cert || inrand) app_RAND_write_file(NULL, bio_err); | 684 if(export_cert || inrand) app_RAND_write_file(NULL, bio_err); |
697 #ifdef CRYPTO_MDEBUG | 685 #ifdef CRYPTO_MDEBUG |
698 CRYPTO_remove_all_info(); | 686 CRYPTO_remove_all_info(); |
699 #endif | 687 #endif |
700 BIO_free(in); | 688 BIO_free(in); |
701 BIO_free_all(out); | 689 BIO_free_all(out); |
702 if (canames) sk_free(canames); | 690 if (canames) sk_OPENSSL_STRING_free(canames); |
703 if(passin) OPENSSL_free(passin); | 691 if(passin) OPENSSL_free(passin); |
704 if(passout) OPENSSL_free(passout); | 692 if(passout) OPENSSL_free(passout); |
705 apps_shutdown(); | 693 apps_shutdown(); |
706 OPENSSL_EXIT(ret); | 694 OPENSSL_EXIT(ret); |
707 } | 695 } |
708 | 696 |
709 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, | 697 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, |
710 int passlen, int options, char *pempass) | 698 int passlen, int options, char *pempass) |
711 { | 699 { |
712 STACK_OF(PKCS7) *asafes = NULL; | 700 STACK_OF(PKCS7) *asafes = NULL; |
(...skipping 215 matching lines...)
928 BIO_printf(out, " "); | 916 BIO_printf(out, " "); |
929 if(attr_nid == NID_undef) { | 917 if(attr_nid == NID_undef) { |
930 i2a_ASN1_OBJECT (out, attr->object); | 918 i2a_ASN1_OBJECT (out, attr->object); |
931 BIO_printf(out, ": "); | 919 BIO_printf(out, ": "); |
932 } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); | 920 } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); |
933 | 921 |
934 if(sk_ASN1_TYPE_num(attr->value.set)) { | 922 if(sk_ASN1_TYPE_num(attr->value.set)) { |
935 av = sk_ASN1_TYPE_value(attr->value.set, 0); | 923 av = sk_ASN1_TYPE_value(attr->value.set, 0); |
936 switch(av->type) { | 924 switch(av->type) { |
937 case V_ASN1_BMPSTRING: | 925 case V_ASN1_BMPSTRING: |
938 » » » value = uni2asc(av->value.bmpstring->data, | 926 » » » value = OPENSSL_uni2asc(av->value.bmpstring->dat
a, |
939 av->value.bmpstring->length); | 927 av->value.bmpstring->length); |
940 BIO_printf(out, "%s\n", value); | 928 BIO_printf(out, "%s\n", value); |
941 OPENSSL_free(value); | 929 OPENSSL_free(value); |
942 break; | 930 break; |
943 | 931 |
944 case V_ASN1_OCTET_STRING: | 932 case V_ASN1_OCTET_STRING: |
945 hex_prin(out, av->value.octet_string->data, | 933 hex_prin(out, av->value.octet_string->data, |
946 av->value.octet_string->length); | 934 av->value.octet_string->length); |
947 BIO_printf(out, "\n"); | 935 BIO_printf(out, "\n"); |
948 break; | 936 break; |
(...skipping 12 matching lines...)
961 } | 949 } |
962 return 1; | 950 return 1; |
963 } | 951 } |
964 | 952 |
965 void hex_prin(BIO *out, unsigned char *buf, int len) | 953 void hex_prin(BIO *out, unsigned char *buf, int len) |
966 { | 954 { |
967 int i; | 955 int i; |
968 for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]); | 956 for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]); |
969 } | 957 } |
970 | 958 |
| 959 static int set_pbe(BIO *err, int *ppbe, const char *str) |
| 960 { |
| 961 if (!str) |
| 962 return 0; |
| 963 if (!strcmp(str, "NONE")) |
| 964 { |
| 965 *ppbe = -1; |
| 966 return 1; |
| 967 } |
| 968 *ppbe=OBJ_txt2nid(str); |
| 969 if (*ppbe == NID_undef) |
| 970 { |
| 971 BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str); |
| 972 return 0; |
| 973 } |
| 974 return 1; |
| 975 } |
| 976 |
971 #endif | 977 #endif |
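Review bot: An unrecognised `-macalg` name is reported but not treated as an error. In the new `if (macalg)` block of the export branch (new lines 592-600), the `if (!macmd)` arm only prints "Unknown digest algorithm" and falls through. `PKCS12_set_mac` is then called with `macmd == NULL`, which by the help text's "default SHA1" presumably means the file is written with the default digest, and `ret` is set to 0 a few lines later. A caller who mistypes a stronger digest therefore gets a success exit code and a file MACed with a different algorithm than requested. Add `goto export_end;` after that `BIO_printf`, or resolve the name with `EVP_get_digestbyname(macalg)` before `PKCS12_create` so nothing is built on a bad name; the export block begins and ends in lines the page skips.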