version 1.10, 2018/02/07 05:47:55 |
version 1.11, 2019/07/23 10:18:32 |
|
|
#include <openssl/pem.h> |
#include <openssl/pem.h> |
#include <openssl/pkcs12.h> |
#include <openssl/pkcs12.h> |
|
|
const EVP_CIPHER *enc; |
|
|
|
#define NOKEYS 0x1 |
#define NOKEYS 0x1 |
#define NOCERTS 0x2 |
#define NOCERTS 0x2 |
#define INFO 0x4 |
#define INFO 0x4 |
|
|
int cert_load(BIO * in, STACK_OF(X509) * sk); |
int cert_load(BIO * in, STACK_OF(X509) * sk); |
static int set_pbe(BIO * err, int *ppbe, const char *str); |
static int set_pbe(BIO * err, int *ppbe, const char *str); |
|
|
|
static struct { |
|
int add_lmk; |
|
char *CAfile; |
|
STACK_OF(OPENSSL_STRING) *canames; |
|
char *CApath; |
|
int cert_pbe; |
|
char *certfile; |
|
int chain; |
|
char *csp_name; |
|
const EVP_CIPHER *enc; |
|
int export_cert; |
|
int key_pbe; |
|
char *keyname; |
|
int keytype; |
|
char *infile; |
|
int iter; |
|
char *macalg; |
|
int maciter; |
|
int macver; |
|
char *name; |
|
int noprompt; |
|
int options; |
|
char *outfile; |
|
char *passarg; |
|
char *passargin; |
|
char *passargout; |
|
int twopass; |
|
} pkcs12_config; |
|
|
int |
int |
pkcs12_main(int argc, char **argv) |
pkcs12_main(int argc, char **argv) |
{ |
{ |
char *infile = NULL, *outfile = NULL, *keyname = NULL; |
|
char *certfile = NULL; |
|
BIO *in = NULL, *out = NULL; |
BIO *in = NULL, *out = NULL; |
char **args; |
char **args; |
char *name = NULL; |
|
char *csp_name = NULL; |
|
int add_lmk = 0; |
|
PKCS12 *p12 = NULL; |
PKCS12 *p12 = NULL; |
char pass[50], macpass[50]; |
char pass[50], macpass[50]; |
int export_cert = 0; |
|
int options = 0; |
|
int chain = 0; |
|
int badarg = 0; |
int badarg = 0; |
int iter = PKCS12_DEFAULT_ITER; |
|
int maciter = PKCS12_DEFAULT_ITER; |
|
int twopass = 0; |
|
int keytype = 0; |
|
int cert_pbe; |
|
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
|
int ret = 1; |
int ret = 1; |
int macver = 1; |
|
int noprompt = 0; |
|
STACK_OF(OPENSSL_STRING) * canames = NULL; |
|
char *cpass = NULL, *mpass = NULL; |
char *cpass = NULL, *mpass = NULL; |
char *passargin = NULL, *passargout = NULL, *passarg = NULL; |
|
char *passin = NULL, *passout = NULL; |
char *passin = NULL, *passout = NULL; |
char *macalg = NULL; |
|
char *CApath = NULL, *CAfile = NULL; |
|
|
|
if (single_execution) { |
if (single_execution) { |
if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { |
if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { |
|
|
} |
} |
} |
} |
|
|
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; |
memset(&pkcs12_config, 0, sizeof(pkcs12_config)); |
|
pkcs12_config.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; |
|
pkcs12_config.enc = EVP_des_ede3_cbc(); |
|
pkcs12_config.iter = PKCS12_DEFAULT_ITER; |
|
pkcs12_config.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
|
pkcs12_config.maciter = PKCS12_DEFAULT_ITER; |
|
pkcs12_config.macver = 1; |
|
|
enc = EVP_des_ede3_cbc(); |
|
|
|
args = argv + 1; |
args = argv + 1; |
|
|
while (*args) { |
while (*args) { |
if (*args[0] == '-') { |
if (*args[0] == '-') { |
if (!strcmp(*args, "-nokeys")) |
if (!strcmp(*args, "-nokeys")) |
options |= NOKEYS; |
pkcs12_config.options |= NOKEYS; |
else if (!strcmp(*args, "-keyex")) |
else if (!strcmp(*args, "-keyex")) |
keytype = KEY_EX; |
pkcs12_config.keytype = KEY_EX; |
else if (!strcmp(*args, "-keysig")) |
else if (!strcmp(*args, "-keysig")) |
keytype = KEY_SIG; |
pkcs12_config.keytype = KEY_SIG; |
else if (!strcmp(*args, "-nocerts")) |
else if (!strcmp(*args, "-nocerts")) |
options |= NOCERTS; |
pkcs12_config.options |= NOCERTS; |
else if (!strcmp(*args, "-clcerts")) |
else if (!strcmp(*args, "-clcerts")) |
options |= CLCERTS; |
pkcs12_config.options |= CLCERTS; |
else if (!strcmp(*args, "-cacerts")) |
else if (!strcmp(*args, "-cacerts")) |
options |= CACERTS; |
pkcs12_config.options |= CACERTS; |
else if (!strcmp(*args, "-noout")) |
else if (!strcmp(*args, "-noout")) |
options |= (NOKEYS | NOCERTS); |
pkcs12_config.options |= (NOKEYS | NOCERTS); |
else if (!strcmp(*args, "-info")) |
else if (!strcmp(*args, "-info")) |
options |= INFO; |
pkcs12_config.options |= INFO; |
else if (!strcmp(*args, "-chain")) |
else if (!strcmp(*args, "-chain")) |
chain = 1; |
pkcs12_config.chain = 1; |
else if (!strcmp(*args, "-twopass")) |
else if (!strcmp(*args, "-twopass")) |
twopass = 1; |
pkcs12_config.twopass = 1; |
else if (!strcmp(*args, "-nomacver")) |
else if (!strcmp(*args, "-nomacver")) |
macver = 0; |
pkcs12_config.macver = 0; |
else if (!strcmp(*args, "-descert")) |
else if (!strcmp(*args, "-descert")) |
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
pkcs12_config.cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
else if (!strcmp(*args, "-export")) |
else if (!strcmp(*args, "-export")) |
export_cert = 1; |
pkcs12_config.export_cert = 1; |
else if (!strcmp(*args, "-des")) |
else if (!strcmp(*args, "-des")) |
enc = EVP_des_cbc(); |
pkcs12_config.enc = EVP_des_cbc(); |
else if (!strcmp(*args, "-des3")) |
else if (!strcmp(*args, "-des3")) |
enc = EVP_des_ede3_cbc(); |
pkcs12_config.enc = EVP_des_ede3_cbc(); |
#ifndef OPENSSL_NO_IDEA |
#ifndef OPENSSL_NO_IDEA |
else if (!strcmp(*args, "-idea")) |
else if (!strcmp(*args, "-idea")) |
enc = EVP_idea_cbc(); |
pkcs12_config.enc = EVP_idea_cbc(); |
#endif |
#endif |
#ifndef OPENSSL_NO_AES |
#ifndef OPENSSL_NO_AES |
else if (!strcmp(*args, "-aes128")) |
else if (!strcmp(*args, "-aes128")) |
enc = EVP_aes_128_cbc(); |
pkcs12_config.enc = EVP_aes_128_cbc(); |
else if (!strcmp(*args, "-aes192")) |
else if (!strcmp(*args, "-aes192")) |
enc = EVP_aes_192_cbc(); |
pkcs12_config.enc = EVP_aes_192_cbc(); |
else if (!strcmp(*args, "-aes256")) |
else if (!strcmp(*args, "-aes256")) |
enc = EVP_aes_256_cbc(); |
pkcs12_config.enc = EVP_aes_256_cbc(); |
#endif |
#endif |
#ifndef OPENSSL_NO_CAMELLIA |
#ifndef OPENSSL_NO_CAMELLIA |
else if (!strcmp(*args, "-camellia128")) |
else if (!strcmp(*args, "-camellia128")) |
enc = EVP_camellia_128_cbc(); |
pkcs12_config.enc = EVP_camellia_128_cbc(); |
else if (!strcmp(*args, "-camellia192")) |
else if (!strcmp(*args, "-camellia192")) |
enc = EVP_camellia_192_cbc(); |
pkcs12_config.enc = EVP_camellia_192_cbc(); |
else if (!strcmp(*args, "-camellia256")) |
else if (!strcmp(*args, "-camellia256")) |
enc = EVP_camellia_256_cbc(); |
pkcs12_config.enc = EVP_camellia_256_cbc(); |
#endif |
#endif |
else if (!strcmp(*args, "-noiter")) |
else if (!strcmp(*args, "-noiter")) |
iter = 1; |
pkcs12_config.iter = 1; |
else if (!strcmp(*args, "-maciter")) |
else if (!strcmp(*args, "-maciter")) |
maciter = PKCS12_DEFAULT_ITER; |
pkcs12_config.maciter = PKCS12_DEFAULT_ITER; |
else if (!strcmp(*args, "-nomaciter")) |
else if (!strcmp(*args, "-nomaciter")) |
maciter = 1; |
pkcs12_config.maciter = 1; |
else if (!strcmp(*args, "-nomac")) |
else if (!strcmp(*args, "-nomac")) |
maciter = -1; |
pkcs12_config.maciter = -1; |
else if (!strcmp(*args, "-macalg")) |
else if (!strcmp(*args, "-macalg")) |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
macalg = *args; |
pkcs12_config.macalg = *args; |
} else |
} else |
badarg = 1; |
badarg = 1; |
else if (!strcmp(*args, "-nodes")) |
else if (!strcmp(*args, "-nodes")) |
enc = NULL; |
pkcs12_config.enc = NULL; |
else if (!strcmp(*args, "-certpbe")) { |
else if (!strcmp(*args, "-certpbe")) { |
if (!set_pbe(bio_err, &cert_pbe, *++args)) |
if (!set_pbe(bio_err, &pkcs12_config.cert_pbe, *++args)) |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-keypbe")) { |
} else if (!strcmp(*args, "-keypbe")) { |
if (!set_pbe(bio_err, &key_pbe, *++args)) |
if (!set_pbe(bio_err, &pkcs12_config.key_pbe, *++args)) |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-inkey")) { |
} else if (!strcmp(*args, "-inkey")) { |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
keyname = *args; |
pkcs12_config.keyname = *args; |
} else |
} else |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-certfile")) { |
} else if (!strcmp(*args, "-certfile")) { |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
certfile = *args; |
pkcs12_config.certfile = *args; |
} else |
} else |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-name")) { |
} else if (!strcmp(*args, "-name")) { |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
name = *args; |
pkcs12_config.name = *args; |
} else |
} else |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-LMK")) |
} else if (!strcmp(*args, "-LMK")) |
add_lmk = 1; |
pkcs12_config.add_lmk = 1; |
else if (!strcmp(*args, "-CSP")) { |
else if (!strcmp(*args, "-CSP")) { |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
csp_name = *args; |
pkcs12_config.csp_name = *args; |
} else |
} else |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-caname")) { |
} else if (!strcmp(*args, "-caname")) { |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
if (!canames) |
if (!pkcs12_config.canames) |
canames = sk_OPENSSL_STRING_new_null(); |
pkcs12_config.canames = sk_OPENSSL_STRING_new_null(); |
sk_OPENSSL_STRING_push(canames, *args); |
sk_OPENSSL_STRING_push(pkcs12_config.canames, *args); |
} else |
} else |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-in")) { |
} else if (!strcmp(*args, "-in")) { |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
infile = *args; |
pkcs12_config.infile = *args; |
} else |
} else |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-out")) { |
} else if (!strcmp(*args, "-out")) { |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
outfile = *args; |
pkcs12_config.outfile = *args; |
} else |
} else |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-passin")) { |
} else if (!strcmp(*args, "-passin")) { |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
passargin = *args; |
pkcs12_config.passargin = *args; |
} else |
} else |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-passout")) { |
} else if (!strcmp(*args, "-passout")) { |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
passargout = *args; |
pkcs12_config.passargout = *args; |
} else |
} else |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-password")) { |
} else if (!strcmp(*args, "-password")) { |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
passarg = *args; |
pkcs12_config.passarg = *args; |
noprompt = 1; |
pkcs12_config.noprompt = 1; |
} else |
} else |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-CApath")) { |
} else if (!strcmp(*args, "-CApath")) { |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
CApath = *args; |
pkcs12_config.CApath = *args; |
} else |
} else |
badarg = 1; |
badarg = 1; |
} else if (!strcmp(*args, "-CAfile")) { |
} else if (!strcmp(*args, "-CAfile")) { |
if (args[1]) { |
if (args[1]) { |
args++; |
args++; |
CAfile = *args; |
pkcs12_config.CAfile = *args; |
} else |
} else |
badarg = 1; |
badarg = 1; |
} else |
} else |
|
|
goto end; |
goto end; |
} |
} |
|
|
if (passarg) { |
if (pkcs12_config.passarg) { |
if (export_cert) |
if (pkcs12_config.export_cert) |
passargout = passarg; |
pkcs12_config.passargout = pkcs12_config.passarg; |
else |
else |
passargin = passarg; |
pkcs12_config.passargin = pkcs12_config.passarg; |
} |
} |
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { |
if (!app_passwd(bio_err, pkcs12_config.passargin, pkcs12_config.passargout, &passin, &passout)) { |
BIO_printf(bio_err, "Error getting passwords\n"); |
BIO_printf(bio_err, "Error getting passwords\n"); |
goto end; |
goto end; |
} |
} |
if (!cpass) { |
if (!cpass) { |
if (export_cert) |
if (pkcs12_config.export_cert) |
cpass = passout; |
cpass = passout; |
else |
else |
cpass = passin; |
cpass = passin; |
} |
} |
if (cpass) { |
if (cpass) { |
mpass = cpass; |
mpass = cpass; |
noprompt = 1; |
pkcs12_config.noprompt = 1; |
} else { |
} else { |
cpass = pass; |
cpass = pass; |
mpass = macpass; |
mpass = macpass; |
} |
} |
|
|
if (!infile) |
if (!pkcs12_config.infile) |
in = BIO_new_fp(stdin, BIO_NOCLOSE); |
in = BIO_new_fp(stdin, BIO_NOCLOSE); |
else |
else |
in = BIO_new_file(infile, "rb"); |
in = BIO_new_file(pkcs12_config.infile, "rb"); |
if (!in) { |
if (!in) { |
BIO_printf(bio_err, "Error opening input file %s\n", |
BIO_printf(bio_err, "Error opening input file %s\n", |
infile ? infile : "<stdin>"); |
pkcs12_config.infile ? pkcs12_config.infile : "<stdin>"); |
perror(infile); |
perror(pkcs12_config.infile); |
goto end; |
goto end; |
} |
} |
|
|
if (!outfile) { |
if (!pkcs12_config.outfile) { |
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
} else |
} else |
out = BIO_new_file(outfile, "wb"); |
out = BIO_new_file(pkcs12_config.outfile, "wb"); |
if (!out) { |
if (!out) { |
BIO_printf(bio_err, "Error opening output file %s\n", |
BIO_printf(bio_err, "Error opening output file %s\n", |
outfile ? outfile : "<stdout>"); |
pkcs12_config.outfile ? pkcs12_config.outfile : "<stdout>"); |
perror(outfile); |
perror(pkcs12_config.outfile); |
goto end; |
goto end; |
} |
} |
if (twopass) { |
if (pkcs12_config.twopass) { |
if (EVP_read_pw_string(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { |
if (EVP_read_pw_string(macpass, sizeof macpass, "Enter MAC Password:", pkcs12_config.export_cert)) { |
BIO_printf(bio_err, "Can't read Password\n"); |
BIO_printf(bio_err, "Can't read Password\n"); |
goto end; |
goto end; |
} |
} |
} |
} |
if (export_cert) { |
if (pkcs12_config.export_cert) { |
EVP_PKEY *key = NULL; |
EVP_PKEY *key = NULL; |
X509 *ucert = NULL, *x = NULL; |
X509 *ucert = NULL, *x = NULL; |
STACK_OF(X509) * certs = NULL; |
STACK_OF(X509) * certs = NULL; |
|
|
unsigned char *catmp = NULL; |
unsigned char *catmp = NULL; |
int i; |
int i; |
|
|
if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) { |
if ((pkcs12_config.options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) { |
BIO_printf(bio_err, "Nothing to do!\n"); |
BIO_printf(bio_err, "Nothing to do!\n"); |
goto export_end; |
goto export_end; |
} |
} |
if (options & NOCERTS) |
if (pkcs12_config.options & NOCERTS) |
chain = 0; |
pkcs12_config.chain = 0; |
|
|
if (!(options & NOKEYS)) { |
if (!(pkcs12_config.options & NOKEYS)) { |
key = load_key(bio_err, keyname ? keyname : infile, |
key = load_key(bio_err, pkcs12_config.keyname ? pkcs12_config.keyname : pkcs12_config.infile, |
FORMAT_PEM, 1, passin, "private key"); |
FORMAT_PEM, 1, passin, "private key"); |
if (!key) |
if (!key) |
goto export_end; |
goto export_end; |
} |
} |
|
|
/* Load in all certs in input file */ |
/* Load in all certs in input file */ |
if (!(options & NOCERTS)) { |
if (!(pkcs12_config.options & NOCERTS)) { |
certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, |
certs = load_certs(bio_err, pkcs12_config.infile, FORMAT_PEM, NULL, |
"certificates"); |
"certificates"); |
if (!certs) |
if (!certs) |
goto export_end; |
goto export_end; |
|
|
} |
} |
|
|
/* Add any more certificates asked for */ |
/* Add any more certificates asked for */ |
if (certfile) { |
if (pkcs12_config.certfile) { |
STACK_OF(X509) * morecerts = NULL; |
STACK_OF(X509) * morecerts = NULL; |
if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, |
if (!(morecerts = load_certs(bio_err, pkcs12_config.certfile, FORMAT_PEM, |
NULL, "certificates from certfile"))) |
NULL, "certificates from certfile"))) |
goto export_end; |
goto export_end; |
while (sk_X509_num(morecerts) > 0) |
while (sk_X509_num(morecerts) > 0) |
|
|
|
|
|
|
/* If chaining get chain from user cert */ |
/* If chaining get chain from user cert */ |
if (chain) { |
if (pkcs12_config.chain) { |
int vret; |
int vret; |
STACK_OF(X509) * chain2; |
STACK_OF(X509) * chain2; |
X509_STORE *store = X509_STORE_new(); |
X509_STORE *store = X509_STORE_new(); |
|
|
BIO_printf(bio_err, "Memory allocation error\n"); |
BIO_printf(bio_err, "Memory allocation error\n"); |
goto export_end; |
goto export_end; |
} |
} |
if (!X509_STORE_load_locations(store, CAfile, CApath)) |
if (!X509_STORE_load_locations(store, pkcs12_config.CAfile, pkcs12_config.CApath)) |
X509_STORE_set_default_paths(store); |
X509_STORE_set_default_paths(store); |
|
|
vret = get_cert_chain(ucert, store, &chain2); |
vret = get_cert_chain(ucert, store, &chain2); |
|
|
} |
} |
/* Add any CA names */ |
/* Add any CA names */ |
|
|
for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) { |
for (i = 0; i < sk_OPENSSL_STRING_num(pkcs12_config.canames); i++) { |
catmp = (unsigned char *) sk_OPENSSL_STRING_value(canames, i); |
catmp = (unsigned char *) sk_OPENSSL_STRING_value(pkcs12_config.canames, i); |
X509_alias_set1(sk_X509_value(certs, i), catmp, -1); |
X509_alias_set1(sk_X509_value(certs, i), catmp, -1); |
} |
} |
|
|
if (csp_name && key) |
if (pkcs12_config.csp_name && key) |
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, |
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, |
MBSTRING_ASC, (unsigned char *) csp_name, -1); |
MBSTRING_ASC, (unsigned char *) pkcs12_config.csp_name, -1); |
|
|
if (add_lmk && key) |
if (pkcs12_config.add_lmk && key) |
EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); |
EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); |
|
|
|
|
if (!noprompt && |
if (!pkcs12_config.noprompt && |
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) { |
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) { |
BIO_printf(bio_err, "Can't read Password\n"); |
BIO_printf(bio_err, "Can't read Password\n"); |
goto export_end; |
goto export_end; |
} |
} |
if (!twopass) |
if (!pkcs12_config.twopass) |
strlcpy(macpass, pass, sizeof macpass); |
strlcpy(macpass, pass, sizeof macpass); |
|
|
|
|
p12 = PKCS12_create(cpass, name, key, ucert, certs, |
p12 = PKCS12_create(cpass, pkcs12_config.name, key, ucert, certs, |
key_pbe, cert_pbe, iter, -1, keytype); |
pkcs12_config.key_pbe, pkcs12_config.cert_pbe, pkcs12_config.iter, -1, pkcs12_config.keytype); |
|
|
if (!p12) { |
if (!p12) { |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto export_end; |
goto export_end; |
} |
} |
if (macalg) { |
if (pkcs12_config.macalg) { |
macmd = EVP_get_digestbyname(macalg); |
macmd = EVP_get_digestbyname(pkcs12_config.macalg); |
if (!macmd) { |
if (!macmd) { |
BIO_printf(bio_err, "Unknown digest algorithm %s\n", |
BIO_printf(bio_err, "Unknown digest algorithm %s\n", |
macalg); |
pkcs12_config.macalg); |
} |
} |
} |
} |
if (maciter != -1) |
if (pkcs12_config.maciter != -1) |
PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd); |
PKCS12_set_mac(p12, mpass, -1, NULL, 0, pkcs12_config.maciter, macmd); |
|
|
|
|
i2d_PKCS12_bio(out, p12); |
i2d_PKCS12_bio(out, p12); |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { |
if (!pkcs12_config.noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { |
BIO_printf(bio_err, "Can't read Password\n"); |
BIO_printf(bio_err, "Can't read Password\n"); |
goto end; |
goto end; |
} |
} |
|
|
if (!twopass) |
if (!pkcs12_config.twopass) |
strlcpy(macpass, pass, sizeof macpass); |
strlcpy(macpass, pass, sizeof macpass); |
|
|
if ((options & INFO) && p12->mac) |
if ((pkcs12_config.options & INFO) && p12->mac) |
BIO_printf(bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1); |
BIO_printf(bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1); |
if (macver) { |
if (pkcs12_config.macver) { |
/* If we enter empty password try no password first */ |
/* If we enter empty password try no password first */ |
if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { |
if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { |
/* If mac and crypto pass the same set it to NULL too */ |
/* If mac and crypto pass the same set it to NULL too */ |
if (!twopass) |
if (!pkcs12_config.twopass) |
cpass = NULL; |
cpass = NULL; |
} else if (!PKCS12_verify_mac(p12, mpass, -1)) { |
} else if (!PKCS12_verify_mac(p12, mpass, -1)) { |
BIO_printf(bio_err, "Mac verify error: invalid password?\n"); |
BIO_printf(bio_err, "Mac verify error: invalid password?\n"); |
|
|
} |
} |
BIO_printf(bio_err, "MAC verified OK\n"); |
BIO_printf(bio_err, "MAC verified OK\n"); |
} |
} |
if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout)) { |
if (!dump_certs_keys_p12(out, p12, cpass, -1, pkcs12_config.options, passout)) { |
BIO_printf(bio_err, "Error outputting keys and certificates\n"); |
BIO_printf(bio_err, "Error outputting keys and certificates\n"); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
|
|
PKCS12_free(p12); |
PKCS12_free(p12); |
BIO_free(in); |
BIO_free(in); |
BIO_free_all(out); |
BIO_free_all(out); |
if (canames) |
if (pkcs12_config.canames) |
sk_OPENSSL_STRING_free(canames); |
sk_OPENSSL_STRING_free(pkcs12_config.canames); |
free(passin); |
free(passin); |
free(passout); |
free(passout); |
|
|
|
|
if (!(pkey = EVP_PKCS82PKEY(p8))) |
if (!(pkey = EVP_PKCS82PKEY(p8))) |
return 0; |
return 0; |
print_attribs(out, p8->attributes, "Key Attributes"); |
print_attribs(out, p8->attributes, "Key Attributes"); |
PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); |
PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, NULL, pempass); |
EVP_PKEY_free(pkey); |
EVP_PKEY_free(pkey); |
break; |
break; |
|
|
|
|
} |
} |
print_attribs(out, p8->attributes, "Key Attributes"); |
print_attribs(out, p8->attributes, "Key Attributes"); |
PKCS8_PRIV_KEY_INFO_free(p8); |
PKCS8_PRIV_KEY_INFO_free(p8); |
PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); |
PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, NULL, pempass); |
EVP_PKEY_free(pkey); |
EVP_PKEY_free(pkey); |
break; |
break; |
|
|
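Review bot: In the export path the results of `PKCS12_set_mac(p12, mpass, -1, NULL, 0, pkcs12_config.maciter, macmd)` and `i2d_PKCS12_bio(out, p12)` are discarded, so on the lines shown a failure to compute the MAC or to serialise the structure does not stop the export. The written file could then lack integrity protection or be truncated without the caller being told. Both calls should fail closed, for example `if (pkcs12_config.maciter != -1 && !PKCS12_set_mac(p12, mpass, -1, NULL, 0, pkcs12_config.maciter, macmd)) goto export_end;` and `if (!i2d_PKCS12_bio(out, p12)) goto export_end;`, each preceded by `ERR_print_errors(bio_err)`. The move to `pkcs12_config` carries this over unchanged from the local-variable version. Parts of pkcs12_main are elided on this page, so handling outside the visible lines cannot be ruled out.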