Don't try to print PBE information if it can't be decoded.

[openssl.git] / apps / pkcs12.c

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index a00b438f9600f5c1ca5a1321b3289e71e596caa8..037aa3f011b014823d6345e18c7d6b20909f963f 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,6 +1,4 @@
 /* pkcs12.c */
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
-
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
  * project.
  */
@@ -58,6 +56,9 @@
  *
  */
 
+#include <openssl/opensslconf.h>
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -83,10 +84,11 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int opti
 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
                          int passlen, int options, char *pempass);
 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
 int alg_print(BIO *x, X509_ALGOR *alg);
 int cert_load(BIO *in, STACK_OF(X509) *sk);
+static int set_pbe(BIO *err, int *ppbe, const char *str);
 
 int MAIN(int, char **);
 
@@ -170,30 +172,11 @@ int MAIN(int argc, char **argv)
                                         maciter = -1;
                else if (!strcmp (*args, "-nodes")) enc=NULL;
                else if (!strcmp (*args, "-certpbe")) {
-                       if (args[1]) {
-                               args++;
-                               if (!strcmp(*args, "NONE"))
-                                       cert_pbe = -1;
-                               cert_pbe=OBJ_txt2nid(*args);
-                               if(cert_pbe == NID_undef) {
-                                       BIO_printf(bio_err,
-                                                "Unknown PBE algorithm %s\n", *args);
-                                       badarg = 1;
-                               }
-                       } else badarg = 1;
+                       if (!set_pbe(bio_err, &cert_pbe, *++args))
+                               badarg = 1;
                } else if (!strcmp (*args, "-keypbe")) {
-                       if (args[1]) {
-                               args++;
-                               if (!strcmp(*args, "NONE"))
-                                       key_pbe = -1;
-                               else
-                                       key_pbe=OBJ_txt2nid(*args);
-                               if(key_pbe == NID_undef) {
-                                       BIO_printf(bio_err,
-                                                "Unknown PBE algorithm %s\n", *args);
-                                       badarg = 1;
-                               }
-                       } else badarg = 1;
+                       if (!set_pbe(bio_err, &key_pbe, *++args))
+                               badarg = 1;
                } else if (!strcmp (*args, "-rand")) {
                    if (args[1]) {
                        args++; 
@@ -538,6 +521,10 @@ int MAIN(int argc, char **argv)
                catmp = (unsigned char *)sk_value(canames, i);
                X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
                }
+
+       if (csp_name && key)
+               EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
+                               MBSTRING_ASC, (unsigned char *)csp_name, -1);
                
 
 #ifdef CRYPTO_MDEBUG
@@ -551,7 +538,7 @@ int MAIN(int argc, char **argv)
                BIO_printf (bio_err, "Can't read Password\n");
                goto export_end;
                }
-       if (!twopass) strcpy(macpass, pass);
+       if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
 
 #ifdef CRYPTO_MDEBUG
        CRYPTO_pop_info();
@@ -613,7 +600,7 @@ int MAIN(int argc, char **argv)
     CRYPTO_pop_info();
 #endif
 
-    if (!twopass) strcpy(macpass, pass);
+    if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
 
     if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
     if(macver) {
@@ -621,7 +608,7 @@ int MAIN(int argc, char **argv)
     CRYPTO_push_info("verify MAC");
 #endif
        /* If we enter empty password try no password first */
-       if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+       if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
                /* If mac and crypto pass the same set it to NULL too */
                if(!twopass) cpass = NULL;
        } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
@@ -665,9 +652,10 @@ int MAIN(int argc, char **argv)
 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
             int passlen, int options, char *pempass)
 {
-       STACK_OF(PKCS7) *asafes;
+       STACK_OF(PKCS7) *asafes = NULL;
        STACK_OF(PKCS12_SAFEBAG) *bags;
        int i, bagnid;
+       int ret = 0;
        PKCS7 *p7;
 
        if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
@@ -685,16 +673,22 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
                        }
                        bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
                } else continue;
-               if (!bags) return 0;
+               if (!bags) goto err;
                if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
                                                 options, pempass)) {
                        sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
-                       return 0;
+                       goto err;
                }
                sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
+               bags = NULL;
        }
-       sk_PKCS7_pop_free (asafes, PKCS7_free);
-       return 1;
+       ret = 1;
+
+       err:
+
+       if (asafes)
+               sk_PKCS7_pop_free (asafes, PKCS7_free);
+       return ret;
 }
 
 int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@@ -811,13 +805,16 @@ err:
 int alg_print (BIO *x, X509_ALGOR *alg)
 {
        PBEPARAM *pbe;
-       unsigned char *p;
+       const unsigned char *p;
        p = alg->parameter->value.sequence->data;
-       pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
-       BIO_printf (bio_err, "%s, Iteration %d\n", 
-       OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter));
+       pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+       if (!pbe)
+               return 1;
+       BIO_printf (bio_err, "%s, Iteration %ld\n", 
+               OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
+               ASN1_INTEGER_get(pbe->iter));
        PBEPARAM_free (pbe);
-       return 0;
+       return 1;
 }
 
 /* Load all certificates from a given file */
@@ -849,7 +846,7 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
 
 /* Generalised attribute print: handle PKCS#8 and bag attributes */
 
-int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
+int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
 {
        X509_ATTRIBUTE *attr;
        ASN1_TYPE *av;
@@ -910,4 +907,22 @@ void hex_prin(BIO *out, unsigned char *buf, int len)
        for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
 }
 
+static int set_pbe(BIO *err, int *ppbe, const char *str)
+       {
+       if (!str)
+               return 0;
+       if (!strcmp(str, "NONE"))
+               {
+               *ppbe = -1;
+               return 1;
+               }
+       *ppbe=OBJ_txt2nid(str);
+       if (*ppbe == NID_undef)
+               {
+               BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
+               return 0;
+               }
+       return 1;
+       }
+                       
 #endif