X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fpkcs12.c;h=6a70d9b47c673a1318bf8e77a6b10e0ba350af48;hp=95974f8917d2831433947d8ed26333f20a500cf1;hb=4aeb94b80173c25fbf2f01eef8c4764a4bdfecf2;hpb=a9be3af5ad4836f7e50f0546311ca90c717b861e
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 95974f8917..6a70d9b47c 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -59,6 +59,7 @@ #include #include #include +#include #include #include #include
@@ -77,6 +78,7 @@ EVP_CIPHER *enc; #define CACERTS 0x10 int get_cert_chain(X509 *cert, STACK **chain); +int dump_cert_text (BIO *out, X509 *x); int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options); int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options); int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options);
@@ -104,7 +106,9 @@ int MAIN(int argc, char **argv) int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; int ret = 1; int macver = 1; + int noprompt = 0; STACK *canames = NULL; + char *cpass = NULL, *mpass = NULL; apps_startup();
@@ -169,6 +173,22 @@ int MAIN(int argc, char **argv) args++; outfile = *args; } else badarg = 1; + } else if (!strcmp (*args, "-envpass")) { + if (args[1]) { + args++; + if(!(cpass = getenv(*args))) { + BIO_printf(bio_err, + "Can't read environment variable %s\n", *args); + goto end; + } + noprompt = 1; + } else badarg = 1; + } else if (!strcmp (*args, "-password")) { + if (args[1]) { + args++; + cpass = *args; + noprompt = 1; + } else badarg = 1; } else badarg = 1; } else badarg = 1;
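Review bot: In the `-password` branch of the option-parsing hunk, `cpass = *args;` keeps the secret in the process's argument vector for the whole run, where process listings can show it to other local users and where it is likely to land in shell history. Besides steering users to `-envpass`, the branch could take a private copy and blank the argument, e.g. `cpass = strdup(*args); memset(*args, 0, strlen(*args));` with a NULL check on the copy; this shortens the exposure window but does not remove it. The `-envpass` branch accepts a variable that is set but empty and silently uses an empty password, so a check such as `if (!*cpass)` with its own error message would catch a mis-exported variable. MAIN starts and ends outside this hunk.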
@@ -205,9 +225,17 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n"); BIO_printf (bio_err, "-keyex set MS key exchange type\n"); BIO_printf (bio_err, "-keysig set MS key signature type\n"); + BIO_printf (bio_err, "-password p set import/export password (NOT RECOMMENDED)\n"); + BIO_printf (bio_err, "-envpass p set import/export password from environment\n"); goto end; } + if(cpass) mpass = cpass; + else { + cpass = pass; + mpass = macpass; + } + ERR_load_crypto_strings(); in = BIO_new (BIO_s_file());
@@ -343,13 +371,14 @@ if (export_cert) { if (canames) sk_free(canames); - if(EVP_read_pw_string (pass, 50, "Enter Export Password:", 1)) { + if(!noprompt && + EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) { BIO_printf (bio_err, "Can't read Password\n"); goto end; } if (!twopass) strcpy(macpass, pass); /* Turn certbags into encrypted authsafe */ - authsafe = PKCS12_pack_p7encdata (cert_pbe, pass, -1, NULL, 0, + authsafe = PKCS12_pack_p7encdata (cert_pbe, cpass, -1, NULL, 0, iter, bags); sk_pop_free(bags, PKCS12_SAFEBAG_free);
@@ -366,10 +395,10 @@ if (export_cert) { EVP_PKEY_free(key); if(keytype) PKCS8_add_keyusage(p8, keytype); bag = PKCS12_MAKE_SHKEYBAG (NID_pbe_WithSHA1And3_Key_TripleDES_CBC, - pass, -1, NULL, 0, iter, p8); + cpass, -1, NULL, 0, iter, p8); PKCS8_PRIV_KEY_INFO_free(p8); if (name) PKCS12_add_friendlyname (bag, name, -1); - PKCS12_add_localkeyid (bag, keyid, keyidlen); + if(pmatch) PKCS12_add_localkeyid (bag, keyid, keyidlen); bags = sk_new(NULL); sk_push (bags, (char *)bag); /* Turn it into unencrypted safe bag */
@@ -383,7 +412,7 @@ if (export_cert) { sk_pop_free(safes, PKCS7_free); - PKCS12_set_mac (p12, macpass, -1, NULL, 0, maciter, NULL); + PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL); i2d_PKCS12_bio (out, p12);
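Review bot: `if(cpass) mpass = cpass;` forces the MAC password to equal the encryption password whenever `-password` or `-envpass` is given, so a `-twopass` request is dropped without any message (the `twopass` flag appears in the export hunk; its option parsing is outside the diff). If that is intended, state it in the usage text and in a comment at this assignment, e.g. `/* -password/-envpass supply both the encryption and the MAC password; -twopass is ignored */`. Otherwise the combination should be rejected here, before any file is opened. MAIN's body continues outside the hunk.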
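Review bot: With `noprompt` set the export prompt is skipped and `pass` is never written, yet the unchanged `if (!twopass) strcpy(macpass, pass);` right after it still copies from that buffer. The declarations of `pass` and `macpass` are outside the diff, but if `pass` is an uninitialised automatic array this is an unbounded copy from indeterminate memory into a fixed-size buffer. Guarding it as `if (!noprompt && !twopass) strcpy(macpass, pass);` avoids the copy, which is not needed in that case because `mpass` already points at `cpass`. The import path may hold the same copy between its prompt and the MAC check, in lines no hunk shows. The enclosing `if (export_cert)` block starts and ends outside this hunk.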
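Review bot: The result of `PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL)` is discarded, so when setting the MAC fails `i2d_PKCS12_bio` still writes the file and the following lines set `ret = 0`. Now that the password can be supplied unattended, a script would get a success status for output whose integrity protection may be missing or wrong. Checking the call, e.g. `if (!PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL)) { ERR_print_errors (bio_err); goto end; }`, makes the failure visible before anything is written. The enclosing `if (export_cert)` block starts and ends outside this hunk.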
@@ -392,14 +421,14 @@ if (export_cert) { ret = 0; goto end; -} + } if (!(p12 = d2i_PKCS12_bio (in, NULL))) { ERR_print_errors(bio_err); goto end; } - if(EVP_read_pw_string (pass, 50, "Enter Import Password:", 0)) { + if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) { BIO_printf (bio_err, "Can't read Password\n"); goto end; }
@@ -408,14 +437,14 @@ if (export_cert) { if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); if(macver) { - if (!PKCS12_verify_mac (p12, macpass, -1)) { + if (!PKCS12_verify_mac (p12, mpass, -1)) { BIO_printf (bio_err, "Mac verify errror: invalid password?\n"); ERR_print_errors (bio_err); goto end; } else BIO_printf (bio_err, "MAC verified OK\n"); } - if (!dump_certs_keys_p12 (out, p12, pass, -1, options)) { + if (!dump_certs_keys_p12 (out, p12, cpass, -1, options)) { BIO_printf(bio_err, "Error outputting keys and certificates\n"); ERR_print_errors (bio_err); goto end;
@@ -637,8 +666,8 @@ int print_attribs (BIO *out, STACK *attrlst, char *name) BIO_printf(out, ": "); } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); - if(sk_num(attr->value.set)) { - av = (ASN1_TYPE *)sk_value(attr->value.set, 0); + if(sk_ASN1_TYPE_num(attr->value.set)) { + av = sk_ASN1_TYPE_value(attr->value.set, 0); switch(av->type) { case V_ASN1_BMPSTRING: value = uni2asc(av->value.bmpstring->data,