#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <openssl/des.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
#define CACERTS 0x10
int get_cert_chain(X509 *cert, STACK **chain);
+int dump_cert_text (BIO *out, X509 *x);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options);
int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options);
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
int ret = 1;
int macver = 1;
+ int noprompt = 0;
STACK *canames = NULL;
+ char *cpass = NULL, *mpass = NULL;
apps_startup();
args++;
outfile = *args;
} else badarg = 1;
+ } else if (!strcmp (*args, "-envpass")) {
+ if (args[1]) {
+ args++;
+ if(!(cpass = getenv(*args))) {
+ BIO_printf(bio_err,
+ "Can't read environment variable %s\n", *args);
+ goto end;
+ }
+ noprompt = 1;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-password")) {
+ if (args[1]) {
+ args++;
+ cpass = *args;
+ noprompt = 1;
+ } else badarg = 1;
} else badarg = 1;
} else badarg = 1;
BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
BIO_printf (bio_err, "-keyex set MS key exchange type\n");
BIO_printf (bio_err, "-keysig set MS key signature type\n");
+ BIO_printf (bio_err, "-password p set import/export password (NOT RECOMMENDED)\n");
+ BIO_printf (bio_err, "-envpass p set import/export password from environment\n");
goto end;
}
+ if(cpass) mpass = cpass;
+ else {
+ cpass = pass;
+ mpass = macpass;
+ }
+
ERR_load_crypto_strings();
in = BIO_new (BIO_s_file());
if (canames) sk_free(canames);
- if(EVP_read_pw_string (pass, 50, "Enter Export Password:", 1)) {
+ if(!noprompt &&
+ EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
if (!twopass) strcpy(macpass, pass);
/* Turn certbags into encrypted authsafe */
- authsafe = PKCS12_pack_p7encdata (cert_pbe, pass, -1, NULL, 0,
+ authsafe = PKCS12_pack_p7encdata (cert_pbe, cpass, -1, NULL, 0,
iter, bags);
sk_pop_free(bags, PKCS12_SAFEBAG_free);
EVP_PKEY_free(key);
if(keytype) PKCS8_add_keyusage(p8, keytype);
bag = PKCS12_MAKE_SHKEYBAG (NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
- pass, -1, NULL, 0, iter, p8);
+ cpass, -1, NULL, 0, iter, p8);
PKCS8_PRIV_KEY_INFO_free(p8);
if (name) PKCS12_add_friendlyname (bag, name, -1);
- PKCS12_add_localkeyid (bag, keyid, keyidlen);
+ if(pmatch) PKCS12_add_localkeyid (bag, keyid, keyidlen);
bags = sk_new(NULL);
sk_push (bags, (char *)bag);
/* Turn it into unencrypted safe bag */
sk_pop_free(safes, PKCS7_free);
- PKCS12_set_mac (p12, macpass, -1, NULL, 0, maciter, NULL);
+ PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
i2d_PKCS12_bio (out, p12);
ret = 0;
goto end;
-}
+ }
if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
ERR_print_errors(bio_err);
goto end;
}
- if(EVP_read_pw_string (pass, 50, "Enter Import Password:", 0)) {
+ if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
if(macver) {
- if (!PKCS12_verify_mac (p12, macpass, -1)) {
+ if (!PKCS12_verify_mac (p12, mpass, -1)) {
BIO_printf (bio_err, "Mac verify errror: invalid password?\n");
ERR_print_errors (bio_err);
goto end;
} else BIO_printf (bio_err, "MAC verified OK\n");
}
- if (!dump_certs_keys_p12 (out, p12, pass, -1, options)) {
+ if (!dump_certs_keys_p12 (out, p12, cpass, -1, options)) {
BIO_printf(bio_err, "Error outputting keys and certificates\n");
ERR_print_errors (bio_err);
goto end;
BIO_printf(out, ": ");
} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
- if(sk_num(attr->value.set)) {
- av = (ASN1_TYPE *)sk_value(attr->value.set, 0);
+ if(sk_ASN1_TYPE_num(attr->value.set)) {
+ av = sk_ASN1_TYPE_value(attr->value.set, 0);
switch(av->type) {
case V_ASN1_BMPSTRING:
value = uni2asc(av->value.bmpstring->data,