Add AES support in the applications that support -des and -des3.

[openssl.git] / apps / pkcs12.c

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index d90cf59df71fce49bbdff2e542fc8ff964d95203..a42421803412261963a954820b6db6f7a1b23448 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -66,7 +66,6 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
-#include <openssl/engine.h>
 
 #define PROG pkcs12_main
 
@@ -152,6 +151,11 @@ int MAIN(int argc, char **argv)
                else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
 #endif
                else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+#ifndef OPENSSL_NO_AES
+               else if (!strcmp(*argv,"-aes128")) enc=EVP_aes_128_cbc();
+               else if (!strcmp(*argv,"-aes192")) enc=EVP_aes_192_cbc();
+               else if (!strcmp(*argv,"-aes256")) enc=EVP_aes_256_cbc();
+#endif
                else if (!strcmp (*args, "-noiter")) iter = 1;
                else if (!strcmp (*args, "-maciter"))
                                         maciter = PKCS12_DEFAULT_ITER;
@@ -280,6 +284,10 @@ int MAIN(int argc, char **argv)
        BIO_printf (bio_err, "-des3         encrypt private keys with triple DES (default)\n");
 #ifndef OPENSSL_NO_IDEA
        BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
+#endif
+#ifndef OPENSSL_NO_AES
+       BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+       BIO_printf (bio_err, "              encrypt PEM output with cbc aes\n");
 #endif
        BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
        BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
@@ -460,10 +468,16 @@ int MAIN(int argc, char **argv)
 
        /* Add any more certificates asked for */
        if (certfile) {
-               if(!(certs = load_certs(bio_err, certfile, FORMAT_PEM, NULL, e,
-                       "certificates from certfile"))) {
+               STACK_OF(X509) *morecerts=NULL;
+               if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+                                           NULL, e,
+                                           "certificates from certfile"))) {
                        goto export_end;
                }
+               while(sk_X509_num(morecerts) > 0) {
+                       sk_X509_push(certs, sk_X509_shift(morecerts));
+               }
+               sk_X509_free(morecerts);
        }
 
 #ifdef CRYPTO_MDEBUG