*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
int passlen, int options, char *pempass);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
int passlen, int options, char *pempass);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
void hex_prin(BIO *out, unsigned char *buf, int len);
int alg_print(BIO *x, X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk);
void hex_prin(BIO *out, unsigned char *buf, int len);
int alg_print(BIO *x, X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk);
char *cpass = NULL, *mpass = NULL;
char *passargin = NULL, *passargout = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *cpass = NULL, *mpass = NULL;
char *passargin = NULL, *passargout = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *CApath = NULL, *CAfile = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
char *CApath = NULL, *CAfile = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else if (!strcmp (*args, "-export")) export_cert = 1;
else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else if (!strcmp (*args, "-export")) export_cert = 1;
else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
#ifndef OPENSSL_NO_AES
else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
#ifndef OPENSSL_NO_AES
else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
+ else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
+ else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
#endif
else if (!strcmp (*args, "-noiter")) iter = 1;
else if (!strcmp (*args, "-maciter"))
#endif
else if (!strcmp (*args, "-noiter")) iter = 1;
else if (!strcmp (*args, "-maciter"))
else if (!strcmp (*args, "-nodes")) enc=NULL;
else if (!strcmp (*args, "-certpbe")) {
else if (!strcmp (*args, "-nodes")) enc=NULL;
else if (!strcmp (*args, "-certpbe")) {
- if (args[1]) {
- args++;
- if (!strcmp(*args, "NONE"))
- cert_pbe = -1;
- cert_pbe=OBJ_txt2nid(*args);
- if(cert_pbe == NID_undef) {
- BIO_printf(bio_err,
- "Unknown PBE algorithm %s\n", *args);
- badarg = 1;
- }
- } else badarg = 1;
+ if (!set_pbe(bio_err, &cert_pbe, *++args))
+ badarg = 1;
- if (args[1]) {
- args++;
- if (!strcmp(*args, "NONE"))
- key_pbe = -1;
- else
- key_pbe=OBJ_txt2nid(*args);
- if(key_pbe == NID_undef) {
- BIO_printf(bio_err,
- "Unknown PBE algorithm %s\n", *args);
- badarg = 1;
- }
- } else badarg = 1;
+ if (!set_pbe(bio_err, &key_pbe, *++args))
+ badarg = 1;
- } else if (!strcmp (*args, "-CSP")) {
+ } else if (!strcmp (*args, "-LMK"))
+ add_lmk = 1;
+ else if (!strcmp (*args, "-CSP")) {
- if (!canames) canames = sk_new_null();
- sk_push(canames, *args);
+ if (!canames) canames = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(canames, *args);
#ifndef OPENSSL_NO_AES
BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
#ifndef OPENSSL_NO_AES
BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
#endif
BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
#endif
BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
BIO_printf (bio_err, "-keyex set MS key exchange type\n");
BIO_printf (bio_err, "-keysig set MS key signature type\n");
BIO_printf (bio_err, "-password p set import/export password source\n");
BIO_printf (bio_err, "-keyex set MS key exchange type\n");
BIO_printf (bio_err, "-keysig set MS key signature type\n");
BIO_printf (bio_err, "-password p set import/export password source\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
EVP_PKEY *key = NULL;
X509 *ucert = NULL, *x = NULL;
STACK_OF(X509) *certs=NULL;
EVP_PKEY *key = NULL;
X509 *ucert = NULL, *x = NULL;
STACK_OF(X509) *certs=NULL;
X509_keyid_set1(ucert, NULL, 0);
X509_alias_set1(ucert, NULL, 0);
/* Remove from list */
X509_keyid_set1(ucert, NULL, 0);
X509_alias_set1(ucert, NULL, 0);
/* Remove from list */
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
}
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
}
+
+ if (csp_name && key)
+ EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
+ MBSTRING_ASC, (unsigned char *)csp_name, -1);
+
+ if (add_lmk && key)
+ EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
- PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL);
+ PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
- if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
+ if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
/* If mac and crypto pass the same set it to NULL too */
if(!twopass) cpass = NULL;
} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
/* If mac and crypto pass the same set it to NULL too */
if(!twopass) cpass = NULL;
} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
int passlen, int options, char *pempass)
{
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
int passlen, int options, char *pempass)
{
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
options, pempass)) {
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
options, pempass)) {
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
/* FIXME: Should really check the return status of X509_STORE_CTX_init
* for an error, but how that fits into the return value of this
/* FIXME: Should really check the return status of X509_STORE_CTX_init
* for an error, but how that fits into the return value of this
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) {
i = X509_STORE_CTX_get_error (&store_ctx);
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) {
i = X509_STORE_CTX_get_error (&store_ctx);
BIO_printf (bio_err, "%s, Iteration %ld\n",
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
ASN1_INTEGER_get(pbe->iter));
PBEPARAM_free (pbe);
BIO_printf (bio_err, "%s, Iteration %ld\n",
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
ASN1_INTEGER_get(pbe->iter));
PBEPARAM_free (pbe);
av->value.bmpstring->length);
BIO_printf(out, "%s\n", value);
OPENSSL_free(value);
av->value.bmpstring->length);
BIO_printf(out, "%s\n", value);
OPENSSL_free(value);
+static int set_pbe(BIO *err, int *ppbe, const char *str)
+ {
+ if (!str)
+ return 0;
+ if (!strcmp(str, "NONE"))
+ {
+ *ppbe = -1;
+ return 1;
+ }
+ *ppbe=OBJ_txt2nid(str);
+ if (*ppbe == NID_undef)
+ {
+ BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
+ return 0;
+ }
+ return 1;
+ }
+