summaryrefslogtreecommitdiffstats
path: root/apps/pkcs12.c
diff options
context:
space:
mode:
Diffstat (limited to 'apps/pkcs12.c')
-rw-r--r--apps/pkcs12.c1658
1 files changed, 871 insertions, 787 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 4d62a7b8ca..4ff64495a9 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,5 +1,6 @@
/* pkcs12.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -59,32 +60,35 @@
#include <openssl/opensslconf.h>
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/crypto.h>
+# include <openssl/err.h>
+# include <openssl/pem.h>
+# include <openssl/pkcs12.h>
-#define PROG pkcs12_main
+# define PROG pkcs12_main
const EVP_CIPHER *enc;
-
-#define NOKEYS 0x1
-#define NOCERTS 0x2
-#define INFO 0x4
-#define CLCERTS 0x8
-#define CACERTS 0x10
-
-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
- int passlen, int options, char *pempass);
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
+# define NOKEYS 0x1
+# define NOCERTS 0x2
+# define INFO 0x4
+# define CLCERTS 0x8
+# define CACERTS 0x10
+
+int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
+ int options, char *pempass);
+int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
+ char *pass, int passlen, int options,
+ char *pempass);
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
+ int passlen, int options, char *pempass);
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
+ const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
int alg_print(BIO *x, X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk);
@@ -95,9 +99,9 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
- char *infile=NULL, *outfile=NULL, *keyname = NULL;
- char *certfile=NULL;
- BIO *in=NULL, *out = NULL;
+ char *infile = NULL, *outfile = NULL, *keyname = NULL;
+ char *certfile = NULL;
+ BIO *in = NULL, *out = NULL;
char **args;
char *name = NULL;
char *csp_name = NULL;
@@ -124,861 +128,941 @@ int MAIN(int argc, char **argv)
char *inrand = NULL;
char *macalg = NULL;
char *CApath = NULL, *CAfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
+# ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+# endif
apps_startup();
-#ifdef OPENSSL_FIPS
+# ifdef OPENSSL_FIPS
if (FIPS_mode())
- cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else
-#endif
- cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+# endif
+ cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
enc = EVP_des_ede3_cbc();
- if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
- if (!load_config(bio_err, NULL))
- goto end;
+ if (!load_config(bio_err, NULL))
+ goto end;
args = argv + 1;
-
while (*args) {
- if (*args[0] == '-') {
- if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
- else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
- else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
- else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
- else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
- else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
- else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
- else if (!strcmp (*args, "-info")) options |= INFO;
- else if (!strcmp (*args, "-chain")) chain = 1;
- else if (!strcmp (*args, "-twopass")) twopass = 1;
- else if (!strcmp (*args, "-nomacver")) macver = 0;
- else if (!strcmp (*args, "-descert"))
- cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- else if (!strcmp (*args, "-export")) export_cert = 1;
- else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
- else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
-#ifndef OPENSSL_NO_IDEA
- else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
-#endif
-#ifndef OPENSSL_NO_SEED
- else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
- else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
- else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
- else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
- else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
- else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
-#endif
- else if (!strcmp (*args, "-noiter")) iter = 1;
- else if (!strcmp (*args, "-maciter"))
- maciter = PKCS12_DEFAULT_ITER;
- else if (!strcmp (*args, "-nomaciter"))
- maciter = 1;
- else if (!strcmp (*args, "-nomac"))
- maciter = -1;
- else if (!strcmp (*args, "-macalg"))
- if (args[1]) {
- args++;
- macalg = *args;
- } else badarg = 1;
- else if (!strcmp (*args, "-nodes")) enc=NULL;
- else if (!strcmp (*args, "-certpbe")) {
- if (!set_pbe(bio_err, &cert_pbe, *++args))
- badarg = 1;
- } else if (!strcmp (*args, "-keypbe")) {
- if (!set_pbe(bio_err, &key_pbe, *++args))
- badarg = 1;
- } else if (!strcmp (*args, "-rand")) {
- if (args[1]) {
- args++;
- inrand = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-inkey")) {
- if (args[1]) {
- args++;
- keyname = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-certfile")) {
- if (args[1]) {
- args++;
- certfile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-name")) {
- if (args[1]) {
- args++;
- name = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-LMK"))
- add_lmk = 1;
- else if (!strcmp (*args, "-CSP")) {
- if (args[1]) {
- args++;
- csp_name = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-caname")) {
- if (args[1]) {
- args++;
- if (!canames) canames = sk_OPENSSL_STRING_new_null();
- sk_OPENSSL_STRING_push(canames, *args);
- } else badarg = 1;
- } else if (!strcmp (*args, "-in")) {
- if (args[1]) {
- args++;
- infile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-out")) {
- if (args[1]) {
- args++;
- outfile = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-passin")) {
- if (args[1]) {
- args++;
- passargin = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-passout")) {
- if (args[1]) {
- args++;
- passargout = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-password")) {
- if (args[1]) {
- args++;
- passarg = *args;
- noprompt = 1;
- } else badarg = 1;
- } else if (!strcmp(*args,"-CApath")) {
- if (args[1]) {
- args++;
- CApath = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-CAfile")) {
- if (args[1]) {
- args++;
- CAfile = *args;
- } else badarg = 1;
-#ifndef OPENSSL_NO_ENGINE
- } else if (!strcmp(*args,"-engine")) {
- if (args[1]) {
- args++;
- engine = *args;
- } else badarg = 1;
-#endif
- } else badarg = 1;
-
- } else badarg = 1;
- args++;
+ if (*args[0] == '-') {
+ if (!strcmp(*args, "-nokeys"))
+ options |= NOKEYS;
+ else if (!strcmp(*args, "-keyex"))
+ keytype = KEY_EX;
+ else if (!strcmp(*args, "-keysig"))
+ keytype = KEY_SIG;
+ else if (!strcmp(*args, "-nocerts"))
+ options |= NOCERTS;
+ else if (!strcmp(*args, "-clcerts"))
+ options |= CLCERTS;
+ else if (!strcmp(*args, "-cacerts"))
+ options |= CACERTS;
+ else if (!strcmp(*args, "-noout"))
+ options |= (NOKEYS | NOCERTS);
+ else if (!strcmp(*args, "-info"))
+ options |= INFO;
+ else if (!strcmp(*args, "-chain"))
+ chain = 1;
+ else if (!strcmp(*args, "-twopass"))
+ twopass = 1;
+ else if (!strcmp(*args, "-nomacver"))
+ macver = 0;
+ else if (!strcmp(*args, "-descert"))
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else if (!strcmp(*args, "-export"))
+ export_cert = 1;
+ else if (!strcmp(*args, "-des"))
+ enc = EVP_des_cbc();
+ else if (!strcmp(*args, "-des3"))
+ enc = EVP_des_ede3_cbc();
+# ifndef OPENSSL_NO_IDEA
+ else if (!strcmp(*args, "-idea"))
+ enc = EVP_idea_cbc();
+# endif
+# ifndef OPENSSL_NO_SEED
+ else if (!strcmp(*args, "-seed"))
+ enc = EVP_seed_cbc();
+# endif
+# ifndef OPENSSL_NO_AES
+ else if (!strcmp(*args, "-aes128"))
+ enc = EVP_aes_128_cbc();
+ else if (!strcmp(*args, "-aes192"))
+ enc = EVP_aes_192_cbc();
+ else if (!strcmp(*args, "-aes256"))
+ enc = EVP_aes_256_cbc();
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ else if (!strcmp(*args, "-camellia128"))
+ enc = EVP_camellia_128_cbc();
+ else if (!strcmp(*args, "-camellia192"))
+ enc = EVP_camellia_192_cbc();
+ else if (!strcmp(*args, "-camellia256"))
+ enc = EVP_camellia_256_cbc();
+# endif
+ else if (!strcmp(*args, "-noiter"))
+ iter = 1;
+ else if (!strcmp(*args, "-maciter"))
+ maciter = PKCS12_DEFAULT_ITER;
+ else if (!strcmp(*args, "-nomaciter"))
+ maciter = 1;
+ else if (!strcmp(*args, "-nomac"))
+ maciter = -1;
+ else if (!strcmp(*args, "-macalg"))
+ if (args[1]) {
+ args++;
+ macalg = *args;
+ } else
+ badarg = 1;
+ else if (!strcmp(*args, "-nodes"))
+ enc = NULL;
+ else if (!strcmp(*args, "-certpbe")) {
+ if (!set_pbe(bio_err, &cert_pbe, *++args))
+ badarg = 1;
+ } else if (!strcmp(*args, "-keypbe")) {
+ if (!set_pbe(bio_err, &key_pbe, *++args))
+ badarg = 1;
+ } else if (!strcmp(*args, "-rand")) {
+ if (args[1]) {
+ args++;
+ inrand = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-inkey")) {
+ if (args[1]) {
+ args++;
+ keyname = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-certfile")) {
+ if (args[1]) {
+ args++;
+ certfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-name")) {
+ if (args[1]) {
+ args++;
+ name = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-LMK"))
+ add_lmk = 1;
+ else if (!strcmp(*args, "-CSP")) {
+ if (args[1]) {
+ args++;
+ csp_name = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-caname")) {
+ if (args[1]) {
+ args++;
+ if (!canames)
+ canames = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(canames, *args);
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-in")) {
+ if (args[1]) {
+ args++;
+ infile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-out")) {
+ if (args[1]) {
+ args++;
+ outfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-passin")) {
+ if (args[1]) {
+ args++;
+ passargin = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-passout")) {
+ if (args[1]) {
+ args++;
+ passargout = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-password")) {
+ if (args[1]) {
+ args++;
+ passarg = *args;
+ noprompt = 1;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CApath")) {
+ if (args[1]) {
+ args++;
+ CApath = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CAfile")) {
+ if (args[1]) {
+ args++;
+ CAfile = *args;
+ } else
+ badarg = 1;
+# ifndef OPENSSL_NO_ENGINE
+ } else if (!strcmp(*args, "-engine")) {
+ if (args[1]) {
+ args++;
+ engine = *args;
+ } else
+ badarg = 1;
+# endif
+ } else
+ badarg = 1;
+
+ } else
+ badarg = 1;
+ args++;
}
if (badarg) {
- BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-export output PKCS12 file\n");
- BIO_printf (bio_err, "-chain add certificate chain\n");
- BIO_printf (bio_err, "-inkey file private key if not infile\n");
- BIO_printf (bio_err, "-certfile f add all certs in f\n");
- BIO_printf (bio_err, "-CApath arg - PEM format directory of CA's\n");
- BIO_printf (bio_err, "-CAfile arg - PEM format file of CA's\n");
- BIO_printf (bio_err, "-name \"name\" use name as friendly name\n");
- BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
- BIO_printf (bio_err, "-in infile input filename\n");
- BIO_printf (bio_err, "-out outfile output filename\n");
- BIO_printf (bio_err, "-noout don't output anything, just verify.\n");
- BIO_printf (bio_err, "-nomacver don't verify MAC.\n");
- BIO_printf (bio_err, "-nocerts don't output certificates.\n");
- BIO_printf (bio_err, "-clcerts only output client certificates.\n");
- BIO_printf (bio_err, "-cacerts only output CA certificates.\n");
- BIO_printf (bio_err, "-nokeys don't output private keys.\n");
- BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n");
- BIO_printf (bio_err, "-des encrypt private keys with DES\n");
- BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n");
-#ifndef OPENSSL_NO_IDEA
- BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
-#endif
-#ifndef OPENSSL_NO_SEED
- BIO_printf (bio_err, "-seed encrypt private keys with seed\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
-#endif
- BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
- BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
- BIO_printf (bio_err, "-nomaciter don't use MAC iteration\n");
- BIO_printf (bio_err, "-maciter use MAC iteration\n");
- BIO_printf (bio_err, "-nomac don't generate MAC\n");
- BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
- BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
- BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
- BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
- BIO_printf (bio_err, "-macalg alg digest algorithm used in MAC (default SHA1)\n");
- BIO_printf (bio_err, "-keyex set MS key exchange type\n");
- BIO_printf (bio_err, "-keysig set MS key signature type\n");
- BIO_printf (bio_err, "-password p set import/export password source\n");
- BIO_printf (bio_err, "-passin p input file pass phrase source\n");
- BIO_printf (bio_err, "-passout p output file pass phrase source\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
- BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
- BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n");
- goto end;
+ BIO_printf(bio_err, "Usage: pkcs12 [options]\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-export output PKCS12 file\n");
+ BIO_printf(bio_err, "-chain add certificate chain\n");
+ BIO_printf(bio_err, "-inkey file private key if not infile\n");
+ BIO_printf(bio_err, "-certfile f add all certs in f\n");
+ BIO_printf(bio_err, "-CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err, "-CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err, "-name \"name\" use name as friendly name\n");
+ BIO_printf(bio_err,
+ "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
+ BIO_printf(bio_err, "-in infile input filename\n");
+ BIO_printf(bio_err, "-out outfile output filename\n");
+ BIO_printf(bio_err,
+ "-noout don't output anything, just verify.\n");
+ BIO_printf(bio_err, "-nomacver don't verify MAC.\n");
+ BIO_printf(bio_err, "-nocerts don't output certificates.\n");
+ BIO_printf(bio_err,
+ "-clcerts only output client certificates.\n");
+ BIO_printf(bio_err, "-cacerts only output CA certificates.\n");
+ BIO_printf(bio_err, "-nokeys don't output private keys.\n");
+ BIO_printf(bio_err,
+ "-info give info about PKCS#12 structure.\n");
+ BIO_printf(bio_err, "-des encrypt private keys with DES\n");
+ BIO_printf(bio_err,
+ "-des3 encrypt private keys with triple DES (default)\n");
+# ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err, "-idea encrypt private keys with idea\n");
+# endif
+# ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err, "-seed encrypt private keys with seed\n");
+# endif
+# ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc aes\n");
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc camellia\n");
+# endif
+ BIO_printf(bio_err, "-nodes don't encrypt private keys\n");
+ BIO_printf(bio_err, "-noiter don't use encryption iteration\n");
+ BIO_printf(bio_err, "-nomaciter don't use MAC iteration\n");
+ BIO_printf(bio_err, "-maciter use MAC iteration\n");
+ BIO_printf(bio_err, "-nomac don't generate MAC\n");
+ BIO_printf(bio_err,
+ "-twopass separate MAC, encryption passwords\n");
+ BIO_printf(bio_err,
+ "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+ BIO_printf(bio_err,
+ "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
+ BIO_printf(bio_err,
+ "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
+ BIO_printf(bio_err,
+ "-macalg alg digest algorithm used in MAC (default SHA1)\n");
+ BIO_printf(bio_err, "-keyex set MS key exchange type\n");
+ BIO_printf(bio_err, "-keysig set MS key signature type\n");
+ BIO_printf(bio_err,
+ "-password p set import/export password source\n");
+ BIO_printf(bio_err, "-passin p input file pass phrase source\n");
+ BIO_printf(bio_err, "-passout p output file pass phrase source\n");
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ "-engine e use engine e, possibly a hardware device.\n");
+# endif
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+ LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err,
+ " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
+ BIO_printf(bio_err,
+ "-LMK Add local machine keyset attribute to private key\n");
+ goto end;
}
-
-#ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
+# endif
- if(passarg) {
- if(export_cert) passargout = passarg;
- else passargin = passarg;
+ if (passarg) {
+ if (export_cert)
+ passargout = passarg;
+ else
+ passargin = passarg;
}
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
- BIO_printf(bio_err, "Error getting passwords\n");
- goto end;
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
}
- if(!cpass) {
- if(export_cert) cpass = passout;
- else cpass = passin;
+ if (!cpass) {
+ if (export_cert)
+ cpass = passout;
+ else
+ cpass = passin;
}
- if(cpass) {
- mpass = cpass;
- noprompt = 1;
+ if (cpass) {
+ mpass = cpass;
+ noprompt = 1;
} else {
- cpass = pass;
- mpass = macpass;
+ cpass = pass;
+ mpass = macpass;
}
- if(export_cert || inrand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (export_cert || inrand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
}
ERR_load_crypto_strings();
-#ifdef CRYPTO_MDEBUG
+# ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read files");
-#endif
+# endif
- if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
- else in = BIO_new_file(infile, "rb");
+ if (!infile)
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else
+ in = BIO_new_file(infile, "rb");
if (!in) {
- BIO_printf(bio_err, "Error opening input file %s\n",
- infile ? infile : "<stdin>");
- perror (infile);
- goto end;
- }
-
-#ifdef CRYPTO_MDEBUG
+ BIO_printf(bio_err, "Error opening input file %s\n",
+ infile ? infile : "<stdin>");
+ perror(infile);
+ goto end;
+ }
+# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("write files");
-#endif
+# endif
if (!outfile) {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- } else out = BIO_new_file(outfile, "wb");
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ } else
+ out = BIO_new_file(outfile, "wb");
if (!out) {
- BIO_printf(bio_err, "Error opening output file %s\n",
- outfile ? outfile : "<stdout>");
- perror (outfile);
- goto end;
+ BIO_printf(bio_err, "Error opening output file %s\n",
+ outfile ? outfile : "<stdout>");
+ perror(outfile);
+ goto end;
}
if (twopass) {
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("read MAC password");
-#endif
- if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
- {
- BIO_printf (bio_err, "Can't read Password\n");
- goto end;
- }
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read MAC password");
+# endif
+ if (EVP_read_pw_string
+ (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
+ BIO_printf(bio_err, "Can't read Password\n");
+ goto end;
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+# endif
}
if (export_cert) {
- EVP_PKEY *key = NULL;
- X509 *ucert = NULL, *x = NULL;
- STACK_OF(X509) *certs=NULL;
- const EVP_MD *macmd = NULL;
- unsigned char *catmp = NULL;
- int i;
-
- if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
- {
- BIO_printf(bio_err, "Nothing to do!\n");
- goto export_end;
- }
-
- if (options & NOCERTS)
- chain = 0;
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("process -export_cert");
- CRYPTO_push_info("reading private key");
-#endif
- if (!(options & NOKEYS))
- {
- key = load_key(bio_err, keyname ? keyname : infile,
- FORMAT_PEM, 1, passin, e, "private key");
- if (!key)
- goto export_end;
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading certs from input");
-#endif
-
- /* Load in all certs in input file */
- if(!(options & NOCERTS))
- {
- certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
- "certificates");
- if (!certs)
- goto export_end;
-
- if (key)
- {
- /* Look for matching private key */
- for(i = 0; i < sk_X509_num(certs); i++)
- {
- x = sk_X509_value(certs, i);
- if(X509_check_private_key(x, key))
- {
- ucert = x;
- /* Zero keyid and alias */
- X509_keyid_set1(ucert, NULL, 0);
- X509_alias_set1(ucert, NULL, 0);
- /* Remove from list */
- (void)sk_X509_delete(certs, i);
- break;
- }
- }
- if (!ucert)
- {
- BIO_printf(bio_err, "No certificate matches private key\n");
- goto export_end;
- }
- }
-
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading certs from input 2");
-#endif
-
- /* Add any more certificates asked for */
- if(certfile)
- {
- STACK_OF(X509) *morecerts=NULL;
- if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
- NULL, e,
- "certificates from certfile")))
- goto export_end;
- while(sk_X509_num(morecerts) > 0)
- sk_X509_push(certs, sk_X509_shift(morecerts));
- sk_X509_free(morecerts);
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading certs from certfile");
-#endif
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("building chain");
-#endif
-
- /* If chaining get chain from user cert */
- if (chain) {
- int vret;
- STACK_OF(X509) *chain2;
- X509_STORE *store = X509_STORE_new();
- if (!store)
- {
- BIO_printf (bio_err, "Memory allocation error\n");
- goto export_end;
- }
- if (!X509_STORE_load_locations(store, CAfile, CApath))
- X509_STORE_set_default_paths (store);
-
- vret = get_cert_chain (ucert, store, &chain2);
- X509_STORE_free(store);
-
- if (!vret) {
- /* Exclude verified certificate */
- for (i = 1; i < sk_X509_num (chain2) ; i++)
- sk_X509_push(certs, sk_X509_value (chain2, i));
- /* Free first certificate */
- X509_free(sk_X509_value(chain2, 0));
- sk_X509_free(chain2);
- } else {
- if (vret >= 0)
- BIO_printf (bio_err, "Error %s getting chain.\n",
- X509_verify_cert_error_string(vret));
- else
- ERR_print_errors(bio_err);
- goto export_end;
- }
- }
-
- /* Add any CA names */
-
- for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++)
- {
- catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
- X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
- }
-
- if (csp_name && key)
- EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
- MBSTRING_ASC, (unsigned char *)csp_name, -1);
-
- if (add_lmk && key)
- EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading password");
-#endif
-
- if(!noprompt &&
- EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
- {
- BIO_printf (bio_err, "Can't read Password\n");
- goto export_end;
- }
- if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("creating PKCS#12 structure");
-#endif
-
- p12 = PKCS12_create(cpass, name, key, ucert, certs,
- key_pbe, cert_pbe, iter, -1, keytype);
-
- if (!p12)
- {
- ERR_print_errors (bio_err);
- goto export_end;
- }
-
- if (macalg)
- {
- macmd = EVP_get_digestbyname(macalg);
- if (!macmd)
- {
- BIO_printf(bio_err, "Unknown digest algorithm %s\n",
- macalg);
- }
- }
-
- if (maciter != -1)
- PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("writing pkcs12");
-#endif
+ EVP_PKEY *key = NULL;
+ X509 *ucert = NULL, *x = NULL;
+ STACK_OF(X509) *certs = NULL;
+ const EVP_MD *macmd = NULL;
+ unsigned char *catmp = NULL;
+ int i;
+
+ if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
+ BIO_printf(bio_err, "Nothing to do!\n");
+ goto export_end;
+ }
+
+ if (options & NOCERTS)
+ chain = 0;
+
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("process -export_cert");
+ CRYPTO_push_info("reading private key");
+# endif
+ if (!(options & NOKEYS)) {
+ key = load_key(bio_err, keyname ? keyname : infile,
+ FORMAT_PEM, 1, passin, e, "private key");
+ if (!key)
+ goto export_end;
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading certs from input");
+# endif
+
+ /* Load in all certs in input file */
+ if (!(options & NOCERTS)) {
+ certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
+ "certificates");
+ if (!certs)
+ goto export_end;
+
+ if (key) {
+ /* Look for matching private key */
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ if (X509_check_private_key(x, key)) {
+ ucert = x;
+ /* Zero keyid and alias */
+ X509_keyid_set1(ucert, NULL, 0);
+ X509_alias_set1(ucert, NULL, 0);
+ /* Remove from list */
+ (void)sk_X509_delete(certs, i);
+ break;
+ }
+ }
+ if (!ucert) {
+ BIO_printf(bio_err,
+ "No certificate matches private key\n");
+ goto export_end;
+ }
+ }
+
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading certs from input 2");
+# endif
+
+ /* Add any more certificates asked for */
+ if (certfile) {
+ STACK_OF(X509) *morecerts = NULL;
+ if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+ NULL, e,
+ "certificates from certfile")))
+ goto export_end;
+ while (sk_X509_num(morecerts) > 0)
+ sk_X509_push(certs, sk_X509_shift(morecerts));
+ sk_X509_free(morecerts);
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading certs from certfile");
+# endif
+
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("building chain");
+# endif
+
+ /* If chaining get chain from user cert */
+ if (chain) {
+ int vret;
+ STACK_OF(X509) *chain2;
+ X509_STORE *store = X509_STORE_new();
+ if (!store) {
+ BIO_printf(bio_err, "Memory allocation error\n");
+ goto export_end;
+ }
+ if (!X509_STORE_load_locations(store, CAfile, CApath))
+ X509_STORE_set_default_paths(store);
+
+ vret = get_cert_chain(ucert, store, &chain2);
+ X509_STORE_free(store);
+
+ if (!vret) {
+ /* Exclude verified certificate */
+ for (i = 1; i < sk_X509_num(chain2); i++)
+ sk_X509_push(certs, sk_X509_value(chain2, i));
+ /* Free first certificate */
+ X509_free(sk_X509_value(chain2, 0));
+ sk_X509_free(chain2);
+ } else {
+ if (vret >= 0)
+ BIO_printf(bio_err, "Error %s getting chain.\n",
+ X509_verify_cert_error_string(vret));
+ else
+ ERR_print_errors(bio_err);
+ goto export_end;
+ }
+ }
+
+ /* Add any CA names */
+
+ for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) {
+ catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
+ X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
+ }
+
+ if (csp_name && key)
+ EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
+ MBSTRING_ASC, (un