#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <openssl/crypto.h>
#include <openssl/des.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#define CACERTS 0x10
int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
-int dump_cert_text (BIO *out, X509 *x);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options);
int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options);
int chain = 0;
int badarg = 0;
int iter = PKCS12_DEFAULT_ITER;
- int maciter = 1;
+ int maciter = PKCS12_DEFAULT_ITER;
int twopass = 0;
int keytype = 0;
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+ int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
int ret = 1;
int macver = 1;
int noprompt = 0;
else if (!strcmp (*args, "-noiter")) iter = 1;
else if (!strcmp (*args, "-maciter"))
maciter = PKCS12_DEFAULT_ITER;
+ else if (!strcmp (*args, "-nomaciter"))
+ maciter = 1;
else if (!strcmp (*args, "-nodes")) enc=NULL;
- else if (!strcmp (*args, "-inkey")) {
+ else if (!strcmp (*args, "-certpbe")) {
+ if (args[1]) {
+ args++;
+ cert_pbe=OBJ_txt2nid(*args);
+ if(cert_pbe == NID_undef) {
+ BIO_printf(bio_err,
+ "Unknown PBE algorithm %s\n", *args);
+ badarg = 1;
+ }
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-keypbe")) {
+ if (args[1]) {
+ args++;
+ key_pbe=OBJ_txt2nid(*args);
+ if(key_pbe == NID_undef) {
+ BIO_printf(bio_err,
+ "Unknown PBE algorithm %s\n", *args);
+ badarg = 1;
+ }
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-inkey")) {
if (args[1]) {
args++;
keyname = *args;
BIO_printf (bio_err, "-maciter use MAC iteration\n");
BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+ BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
+ BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
BIO_printf (bio_err, "-keyex set MS key exchange type\n");
BIO_printf (bio_err, "-keysig set MS key signature type\n");
BIO_printf (bio_err, "-password p set import/export password (NOT RECOMMENDED)\n");
ERR_load_crypto_strings();
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read files");
+#endif
+
if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
else in = BIO_new_file(infile, "rb");
if (!in) {
}
}
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("write files");
+#endif
+
if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE);
else out = BIO_new_file(outfile, "wb");
if (!out) {
goto end;
}
if (twopass) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read MAC password");
+#endif
if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert))
{
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
}
if (export_cert) {
PKCS8_PRIV_KEY_INFO *p8;
PKCS7 *authsafe;
X509 *ucert = NULL;
- STACK_OF(X509) *certs;
+ STACK_OF(X509) *certs=NULL;
char *catmp;
int i;
unsigned char keyid[EVP_MAX_MD_SIZE];
unsigned int keyidlen = 0;
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("process -export_cert");
+#endif
key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, NULL);
if (!inkey) (void) BIO_reset(in);
+ else BIO_free(inkey);
if (!key) {
BIO_printf (bio_err, "Error loading private key\n");
ERR_print_errors(bio_err);
PKCS12_add_friendlyname(bag, catmp, -1);
sk_push(bags, (char *)bag);
}
-
+ sk_X509_pop_free(certs, X509_free);
if (canames) sk_free(canames);
if(!noprompt &&
p8 = EVP_PKEY2PKCS8 (key);
EVP_PKEY_free(key);
if(keytype) PKCS8_add_keyusage(p8, keytype);
- bag = PKCS12_MAKE_SHKEYBAG(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
- cpass, -1, NULL, 0, iter, p8);
+ bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
PKCS8_PRIV_KEY_INFO_free(p8);
if (name) PKCS12_add_friendlyname (bag, name, -1);
PKCS12_add_localkeyid (bag, keyid, keyidlen);
PKCS12_free(p12);
ret = 0;
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
goto end;
}
goto end;
}
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read import password");
+#endif
if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
if (!twopass) strcpy(macpass, pass);
if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
if(macver) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("verify MAC");
+#endif
if (!PKCS12_verify_mac (p12, mpass, -1)) {
BIO_printf (bio_err, "Mac verify errror: invalid password?\n");
ERR_print_errors (bio_err);
goto end;
} else BIO_printf (bio_err, "MAC verified OK\n");
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
}
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("output keys and certificates");
+#endif
if (!dump_certs_keys_p12 (out, p12, cpass, -1, options)) {
BIO_printf(bio_err, "Error outputting keys and certificates\n");
ERR_print_errors (bio_err);
goto end;
}
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
PKCS12_free(p12);
ret = 0;
end:
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_remove_all_info();
+#endif
+ BIO_free(in);
BIO_free(out);
EXIT(ret);
}
-int dump_cert_text (BIO *out, X509 *x)
-{
- char buf[256];
- X509_NAME_oneline(X509_get_subject_name(x),buf,256);
- BIO_puts(out,"subject=");
- BIO_puts(out,buf);
-
- X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
- BIO_puts(out,"\nissuer= ");
- BIO_puts(out,buf);
- BIO_puts(out,"\n");
- return 0;
-}
-
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
int passlen, int options)
{
X509_STORE_CTX store_ctx;
STACK_OF(X509) *chn;
int i;
- X509 *x;
+
store = X509_STORE_new ();
X509_STORE_set_default_paths (store);
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
i = X509_STORE_CTX_get_error (&store_ctx);
goto err;
}
- chn = sk_X509_dup(X509_STORE_CTX_get_chain (&store_ctx));
- for (i = 0; i < sk_X509_num(chn); i++) {
- x = sk_X509_value(chn, i);
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- }
+ chn = X509_STORE_CTX_rget_chain(&store_ctx);
i = 0;
*chain = chn;
err:
projects / openssl.git / blobdiff