X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fpkcs12.c;h=800e2a840633e0728373d2824a855100f9467daa;hp=351f131fe170d925d03897c6b975a2b3af35bb27;hb=dad666fbbeed2a0699ca682b96f26f490cee1a4c;hpb=12ea44704a320d3abddb0db9d8560178cca86db0 diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 351f131fe1..800e2a8406 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -1,4 +1,6 @@ /* pkcs12.c */ +#if !defined(NO_DES) && !defined(NO_SHA1) + /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL * project 1999. */ @@ -77,7 +79,6 @@ EVP_CIPHER *enc; #define CACERTS 0x10 int get_cert_chain(X509 *cert, STACK_OF(X509) **chain); -int dump_cert_text (BIO *out, X509 *x); int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options); int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options); int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options); @@ -99,10 +100,11 @@ int MAIN(int argc, char **argv) int chain = 0; int badarg = 0; int iter = PKCS12_DEFAULT_ITER; - int maciter = 1; + int maciter = PKCS12_DEFAULT_ITER; int twopass = 0; int keytype = 0; int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; int ret = 1; int macver = 1; int noprompt = 0; @@ -141,8 +143,30 @@ int MAIN(int argc, char **argv) else if (!strcmp (*args, "-noiter")) iter = 1; else if (!strcmp (*args, "-maciter")) maciter = PKCS12_DEFAULT_ITER; + else if (!strcmp (*args, "-nomaciter")) + maciter = 1; else if (!strcmp (*args, "-nodes")) enc=NULL; - else if (!strcmp (*args, "-inkey")) { + else if (!strcmp (*args, "-certpbe")) { + if (args[1]) { + args++; + cert_pbe=OBJ_txt2nid(*args); + if(cert_pbe == NID_undef) { + BIO_printf(bio_err, + "Unknown PBE algorithm %s\n", *args); + badarg = 1; + } + } else badarg = 1; + } else if (!strcmp (*args, "-keypbe")) { + if (args[1]) { + args++; + key_pbe=OBJ_txt2nid(*args); + if(key_pbe == NID_undef) { + BIO_printf(bio_err, + "Unknown PBE algorithm %s\n", *args); + badarg = 1; + } + } else badarg = 1; + } else if (!strcmp (*args, "-inkey")) { if (args[1]) { args++; keyname = *args; @@ -223,6 +247,8 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-maciter use MAC iteration\n"); BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n"); BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n"); + BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n"); + BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n"); BIO_printf (bio_err, "-keyex set MS key exchange type\n"); BIO_printf (bio_err, "-keysig set MS key signature type\n"); BIO_printf (bio_err, "-password p set import/export password (NOT RECOMMENDED)\n"); @@ -279,20 +305,21 @@ int MAIN(int argc, char **argv) } } -if (export_cert) { + if (export_cert) { EVP_PKEY *key; STACK *bags, *safes; PKCS12_SAFEBAG *bag; PKCS8_PRIV_KEY_INFO *p8; PKCS7 *authsafe; - X509 *cert = NULL, *ucert = NULL; - STACK_OF(X509) *certs; + X509 *ucert = NULL; + STACK_OF(X509) *certs=NULL; char *catmp; int i; unsigned char keyid[EVP_MAX_MD_SIZE]; unsigned int keyidlen = 0; key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, NULL); if (!inkey) (void) BIO_reset(in); + else BIO_free(inkey); if (!key) { BIO_printf (bio_err, "Error loading private key\n"); ERR_print_errors(bio_err); @@ -311,7 +338,7 @@ if (export_cert) { for(i = 0; i < sk_X509_num(certs); i++) { ucert = sk_X509_value(certs, i); if(X509_check_private_key(ucert, key)) { - X509_digest(cert, EVP_sha1(), keyid, &keyidlen); + X509_digest(ucert, EVP_sha1(), keyid, &keyidlen); break; } } @@ -352,6 +379,7 @@ if (export_cert) { /* We now have loads of certificates: include them all */ for(i = 0; i < sk_X509_num(certs); i++) { + X509 *cert = NULL; cert = sk_X509_value(certs, i); bag = M_PKCS12_x5092certbag(cert); /* If it matches private key set id */ @@ -362,7 +390,7 @@ if (export_cert) { PKCS12_add_friendlyname(bag, catmp, -1); sk_push(bags, (char *)bag); } - + sk_X509_pop_free(certs, X509_free); if (canames) sk_free(canames); if(!noprompt && @@ -388,8 +416,7 @@ if (export_cert) { p8 = EVP_PKEY2PKCS8 (key); EVP_PKEY_free(key); if(keytype) PKCS8_add_keyusage(p8, keytype); - bag = PKCS12_MAKE_SHKEYBAG(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, - cpass, -1, NULL, 0, iter, p8); + bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8); PKCS8_PRIV_KEY_INFO_free(p8); if (name) PKCS12_add_friendlyname (bag, name, -1); PKCS12_add_localkeyid (bag, keyid, keyidlen); @@ -450,20 +477,6 @@ if (export_cert) { EXIT(ret); } -int dump_cert_text (BIO *out, X509 *x) -{ - char buf[256]; - X509_NAME_oneline(X509_get_subject_name(x),buf,256); - BIO_puts(out,"subject="); - BIO_puts(out,buf); - - X509_NAME_oneline(X509_get_issuer_name(x),buf,256); - BIO_puts(out,"\nissuer= "); - BIO_puts(out,buf); - BIO_puts(out,"\n"); - return 0; -} - int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, int passlen, int options) { @@ -697,3 +710,5 @@ void hex_prin(BIO *out, unsigned char *buf, int len) int i; for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]); } + +#endif