More PKCS#8 stuff. Support for unencrypted forms of private key.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 5 Jun 1999 12:39:10 +0000 (12:39 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 5 Jun 1999 12:39:10 +0000 (12:39 +0000)
CHANGES
apps/pkcs8.c
crypto/pem/pem.h
crypto/pem/pem_all.c

diff --git a/CHANGES b/CHANGES
index 7605e6d..0c6d47c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,8 +6,11 @@
  Changes between 0.9.3a and 0.9.4
 
   *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
-     and partial PKCS#8 functionality. New 'pkcs8' application linked to
-     openssl.
+     and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
+     Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
+     KEY" because this clashed with PKCS#8 unencrypted string. Since this
+     value was just used as a "magic string" and not used directly its
+     value doesn't matter.
      [Steve Henson]
 
   *) Introduce some semblance of const correctness to BN. Shame C doesn't
index 442eced..42d6ba4 100644 (file)
@@ -74,6 +74,7 @@ int MAIN(int argc, char **argv)
        int iter = PKCS12_DEFAULT_ITER;
        int informat, outformat;
        int p8_broken = PKCS8_OK;
+       int nocrypt = 0;
        X509_SIG *p8;
        PKCS8_PRIV_KEY_INFO *p8inf;
        EVP_PKEY *pkey;
@@ -98,6 +99,7 @@ int MAIN(int argc, char **argv)
                        } else badarg = 1;
                } else if (!strcmp (*args, "-topk8")) topk8 = 1;
                else if (!strcmp (*args, "-noiter")) iter = 1;
+               else if (!strcmp (*args, "-nocrypt")) nocrypt = 1;
                else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;
                else if (!strcmp (*args, "-in")) {
                        if (args[1]) {
@@ -116,11 +118,14 @@ int MAIN(int argc, char **argv)
        if (badarg) {
                BIO_printf (bio_err, "Usage pkcs8 [options]\n");
                BIO_printf (bio_err, "where options are\n");
-               BIO_printf (bio_err, "-in file  input file\n");
-               BIO_printf (bio_err, "-out file output file\n");
-               BIO_printf (bio_err, "-topk8    output PKCS8 file\n");
-               BIO_printf (bio_err, "-nooct    use (broken) no octet form\n");
-               BIO_printf (bio_err, "-noiter   use 1 as iteration cound\n");
+               BIO_printf (bio_err, "-in file   input file\n");
+               BIO_printf (bio_err, "-inform X  input format (DER or PEM)\n");
+               BIO_printf (bio_err, "-outform X output format (DER or PEM)\n");
+               BIO_printf (bio_err, "-out file  output file\n");
+               BIO_printf (bio_err, "-topk8     output PKCS8 file\n");
+               BIO_printf (bio_err, "-nooct     use (broken) no octet form\n");
+               BIO_printf (bio_err, "-noiter    use 1 as iteration count\n");
+               BIO_printf (bio_err, "-nocrypt   use or expect unencrypted private key\n");
                return (1);
        }
 
@@ -154,35 +159,66 @@ int MAIN(int argc, char **argv)
                        return (1);
                }
                PKCS8_set_broken(p8inf, p8_broken);
-               EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
-               if (!(p8 = PKCS8_encrypt(pbe_nid, pass, strlen(pass),
-                                NULL, 0, iter, p8inf))) {
-                       BIO_printf (bio_err, "Error encrypting key\n", outfile);
-                       ERR_print_errors(bio_err);
-                       return (1);
+               if(nocrypt) {
+                       if(outformat == FORMAT_PEM) 
+                               PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
+                       else if(outformat == FORMAT_ASN1)
+                               i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
+                       else {
+                               BIO_printf(bio_err, "Bad format specified for key\n");
+                               return (1);
+                       }
+               } else {
+                       EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+                       if (!(p8 = PKCS8_encrypt(pbe_nid, pass, strlen(pass),
+                                        NULL, 0, iter, p8inf))) {
+                               BIO_printf (bio_err, "Error encrypting key\n",
+                                                                outfile);
+                               ERR_print_errors(bio_err);
+                               return (1);
+                       }
+                       if(outformat == FORMAT_PEM) 
+                               PEM_write_bio_PKCS8 (out, p8);
+                       else if(outformat == FORMAT_ASN1)
+                               i2d_PKCS8_bio(out, p8);
+                       else {
+                               BIO_printf(bio_err, "Bad format specified for key\n");
+                               return (1);
+                       }
+                       X509_SIG_free(p8);
                }
                PKCS8_PRIV_KEY_INFO_free (p8inf);
-               PEM_write_bio_PKCS8 (out, p8);
-               X509_SIG_free(p8);
                return (0);
        }
 
-       if(informat == FORMAT_PEM) 
-               p8 = PEM_read_bio_PKCS8(in, NULL, NULL);
-       else if(informat == FORMAT_ASN1)
-               p8 = d2i_PKCS8_bio(in, NULL);
-       else {
-               BIO_printf(bio_err, "Bad input format specified for key\n");
-               return (1);
-       }
+       if(nocrypt) {
+               if(informat == FORMAT_PEM) 
+                       p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL);
+               else if(informat == FORMAT_ASN1)
+                       p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
+               else {
+                       BIO_printf(bio_err, "Bad format specified for key\n");
+                       return (1);
+               }
+       } else {
+               if(informat == FORMAT_PEM) 
+                       p8 = PEM_read_bio_PKCS8(in, NULL, NULL);
+               else if(informat == FORMAT_ASN1)
+                       p8 = d2i_PKCS8_bio(in, NULL);
+               else {
+                       BIO_printf(bio_err, "Bad format specified for key\n");
+                       return (1);
+               }
 
-       if (!p8) {
-               BIO_printf (bio_err, "Error reading key\n", outfile);
-               ERR_print_errors(bio_err);
-               return (1);
+               if (!p8) {
+                       BIO_printf (bio_err, "Error reading key\n", outfile);
+                       ERR_print_errors(bio_err);
+                       return (1);
+               }
+               EVP_read_pw_string(pass, 50, "Enter Password:", 0);
+               p8inf = M_PKCS8_decrypt(p8, pass, strlen(pass));
        }
-       EVP_read_pw_string(pass, 50, "Enter Password:", 0);
-       p8inf = M_PKCS8_decrypt(p8, pass, strlen(pass));
+
        if (!p8inf) {
                BIO_printf(bio_err, "Error decrypting key\n", outfile);
                ERR_print_errors(bio_err);
@@ -210,7 +246,7 @@ int MAIN(int argc, char **argv)
        
        PKCS8_PRIV_KEY_INFO_free(p8inf);
 
-       PEM_write_bio_PrivateKey (out, pkey, NULL, NULL, 0, NULL);
+       PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL);
 
        return (0);
 }
index c31984c..7c02356 100644 (file)
@@ -104,12 +104,13 @@ extern "C" {
 #define PEM_STRING_X509_REQ_OLD        "NEW CERTIFICATE REQUEST"
 #define PEM_STRING_X509_REQ    "CERTIFICATE REQUEST"
 #define PEM_STRING_X509_CRL    "X509 CRL"
-#define PEM_STRING_EVP_PKEY    "PRIVATE KEY"
+#define PEM_STRING_EVP_PKEY    "ANY PRIVATE KEY"
 #define PEM_STRING_RSA         "RSA PRIVATE KEY"
 #define PEM_STRING_RSA_PUBLIC  "RSA PUBLIC KEY"
 #define PEM_STRING_DSA         "DSA PRIVATE KEY"
 #define PEM_STRING_PKCS7       "PKCS7"
 #define PEM_STRING_PKCS8       "ENCRYPTED PRIVATE KEY"
+#define PEM_STRING_PKCS8INF    "PRIVATE KEY"
 #define PEM_STRING_DHPARAMS    "DH PARAMETERS"
 #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
 #define PEM_STRING_DSAPARAMS   "DSA PARAMETERS"
@@ -403,6 +404,8 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp,EVP_PKEY **x, pem_password_cb *);
 PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x, pem_password_cb *);
 NETSCAPE_CERT_SEQUENCE *PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp,NETSCAPE_CERT_SEQUENCE **x, pem_password_cb *);
 X509_SIG *PEM_read_PKCS8(FILE *fp,X509_SIG **x, pem_password_cb *);
+PKCS8_PRIV_KEY_INFO *PEM_read_PKCS8_PRIV_KEY_INFO(FILE *fp,
+                               PKCS8_PRIV_KEY_INFO **x, pem_password_cb *);
 int PEM_write_X509(FILE *fp,X509 *x);
 int PEM_write_X509_REQ(FILE *fp,X509_REQ *x);
 int PEM_write_X509_CRL(FILE *fp,X509_CRL *x);
@@ -427,6 +430,7 @@ int PEM_write_DSAparams(FILE *fp,DSA *x);
 #endif
 int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp,NETSCAPE_CERT_SEQUENCE *x);
 int PEM_write_PKCS8(FILE *fp,X509_SIG *x);
+int PEM_write_PKCS8_PRIV_KEY_INFO(FILE *fp,PKCS8_PRIV_KEY_INFO *x);
 #endif
 
 #ifdef HEADER_BIO_H
@@ -447,6 +451,8 @@ DH *PEM_read_bio_DHparams(BIO *bp,DH **x, pem_password_cb *);
 #endif
 NETSCAPE_CERT_SEQUENCE *PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp,NETSCAPE_CERT_SEQUENCE **x, pem_password_cb *);
 X509_SIG *PEM_read_bio_PKCS8(BIO *bp,X509_SIG **x, pem_password_cb *);
+PKCS8_PRIV_KEY_INFO *PEM_read_bio_PKCS8_PRIV_KEY_INFO(BIO *bp,
+                               PKCS8_PRIV_KEY_INFO **x, pem_password_cb *);
 #ifndef NO_DSA
 DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x, pem_password_cb *);
 #endif
@@ -473,6 +479,7 @@ int PEM_write_bio_DSAparams(BIO *bp,DSA *x);
 #endif
 int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp,NETSCAPE_CERT_SEQUENCE *x);
 int PEM_write_bio_PKCS8(BIO *bp,X509_SIG *x);
+int PEM_write_bio_PKCS8_PRIV_KEY_INFO(BIO *bp,PKCS8_PRIV_KEY_INFO *x);
 #endif
 
 #endif /* SSLEAY_MACROS */
index bb3ce51..51eec6d 100644 (file)
@@ -435,3 +435,35 @@ int PEM_write_bio_PKCS8(BIO *bp, X509_SIG *x)
        return(PEM_ASN1_write_bio((int (*)())i2d_X509_SIG,
                PEM_STRING_PKCS8,bp, (char *)x, NULL,NULL,0,NULL));
        }
+
+#ifndef NO_FP_API
+PKCS8_PRIV_KEY_INFO *PEM_read_PKCS8_PRIV_KEY_INFO(FILE *fp,
+            PKCS8_PRIV_KEY_INFO **x, pem_password_cb *cb)
+       {
+       return((PKCS8_PRIV_KEY_INFO *)
+               PEM_ASN1_read((char *(*)())d2i_PKCS8_PRIV_KEY_INFO,
+               PEM_STRING_PKCS8INF,fp,(char **)x,cb));
+       }
+#endif
+
+PKCS8_PRIV_KEY_INFO *PEM_read_bio_PKCS8_PRIV_KEY_INFO(BIO *bp,
+            PKCS8_PRIV_KEY_INFO **x, pem_password_cb *cb)
+       {
+       return((PKCS8_PRIV_KEY_INFO *)
+               PEM_ASN1_read_bio((char *(*)())d2i_PKCS8_PRIV_KEY_INFO,
+               PEM_STRING_PKCS8INF,bp,(char **)x,cb));
+       }
+
+#ifndef NO_FP_API
+int PEM_write_PKCS8_PRIV_KEY_INFO(FILE *fp, PKCS8_PRIV_KEY_INFO *x)
+       {
+       return(PEM_ASN1_write((int (*)())i2d_PKCS8_PRIV_KEY_INFO,
+               PEM_STRING_PKCS8INF,fp, (char *)x, NULL,NULL,0,NULL));
+       }
+#endif
+
+int PEM_write_bio_PKCS8_PRIV_KEY_INFO(BIO *bp, PKCS8_PRIV_KEY_INFO *x)
+       {
+       return(PEM_ASN1_write_bio((int (*)())i2d_PKCS8_PRIV_KEY_INFO,
+               PEM_STRING_PKCS8INF,bp, (char *)x, NULL,NULL,0,NULL));
+       }