X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fpkcs12.c;h=c22c00fce156147fe9e0b121f4cecdd0c93079ba;hp=e445c24b9bd667cc9c140f74374e312612912648;hb=b3836ed3cbeb9a5d735597e8a79ffea5894cb470;hpb=1c3e4a366022c043ae87ff9715905e97582bf649 diff --git a/apps/pkcs12.c b/apps/pkcs12.c index e445c24b9b..c22c00fce1 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -1,6 +1,4 @@ /* pkcs12.c */ -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) - /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL * project. */ @@ -58,6 +56,9 @@ * */ +#include +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) + #include #include #include @@ -83,7 +84,7 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int opti int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, int passlen, int options, char *pempass); int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass); -int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name); +int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); void hex_prin(BIO *out, unsigned char *buf, int len); int alg_print(BIO *x, X509_ALGOR *alg); int cert_load(BIO *in, STACK_OF(X509) *sk); @@ -120,7 +121,9 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *inrand = NULL; char *CApath = NULL, *CAfile = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -259,11 +262,13 @@ int MAIN(int argc, char **argv) args++; CAfile = *args; } else badarg = 1; +#ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*args,"-engine")) { if (args[1]) { args++; engine = *args; } else badarg = 1; +#endif } else badarg = 1; } else badarg = 1; @@ -311,14 +316,18 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-password p set import/export password source\n"); BIO_printf (bio_err, "-passin p input file pass phrase source\n"); BIO_printf (bio_err, "-passout p output file pass phrase source\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(passarg) { if(export_cert) passargout = passarg; @@ -530,6 +539,10 @@ int MAIN(int argc, char **argv) catmp = (unsigned char *)sk_value(canames, i); X509_alias_set1(sk_X509_value(certs, i), catmp, -1); } + + if (csp_name && key) + EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, + MBSTRING_ASC, (unsigned char *)csp_name, -1); #ifdef CRYPTO_MDEBUG @@ -543,14 +556,14 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "Can't read Password\n"); goto export_end; } - if (!twopass) strcpy(macpass, pass); + if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); CRYPTO_push_info("creating PKCS#12 structure"); #endif - p12 = PKCS12_create(pass, name, key, ucert, certs, + p12 = PKCS12_create(cpass, name, key, ucert, certs, key_pbe, cert_pbe, iter, -1, keytype); if (!p12) @@ -605,7 +618,7 @@ int MAIN(int argc, char **argv) CRYPTO_pop_info(); #endif - if (!twopass) strcpy(macpass, pass); + if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); if(macver) { @@ -613,7 +626,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("verify MAC"); #endif /* If we enter empty password try no password first */ - if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { + if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { /* If mac and crypto pass the same set it to NULL too */ if(!twopass) cpass = NULL; } else if (!PKCS12_verify_mac(p12, mpass, -1)) { @@ -657,9 +670,10 @@ int MAIN(int argc, char **argv) int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass) { - STACK_OF(PKCS7) *asafes; + STACK_OF(PKCS7) *asafes = NULL; STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid; + int ret = 0; PKCS7 *p7; if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0; @@ -677,16 +691,22 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, } bags = PKCS12_unpack_p7encdata(p7, pass, passlen); } else continue; - if (!bags) return 0; + if (!bags) goto err; if (!dump_certs_pkeys_bags (out, bags, pass, passlen, options, pempass)) { sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); - return 0; + goto err; } sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); + bags = NULL; } - sk_PKCS7_pop_free (asafes, PKCS7_free); - return 1; + ret = 1; + + err: + + if (asafes) + sk_PKCS7_pop_free (asafes, PKCS7_free); + return ret; } int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, @@ -803,11 +823,12 @@ err: int alg_print (BIO *x, X509_ALGOR *alg) { PBEPARAM *pbe; - unsigned char *p; + const unsigned char *p; p = alg->parameter->value.sequence->data; pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length); - BIO_printf (bio_err, "%s, Iteration %d\n", - OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter)); + BIO_printf (bio_err, "%s, Iteration %ld\n", + OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), + ASN1_INTEGER_get(pbe->iter)); PBEPARAM_free (pbe); return 0; } @@ -841,7 +862,7 @@ int cert_load(BIO *in, STACK_OF(X509) *sk) /* Generalised attribute print: handle PKCS#8 and bag attributes */ -int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name) +int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name) { X509_ATTRIBUTE *attr; ASN1_TYPE *av;