Increase the password buffer size to APP_PASS_LEN.

[openssl.git] / apps / pkcs8.c

diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index cd6b537948793da681de4c820d863d0d1db03281..7ee23a22158656866281ce7c2c236d2746201bd2 100644 (file)
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -23,10 +23,11 @@ typedef enum OPTION_choice {
 #ifndef OPENSSL_NO_SCRYPT
     OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
 #endif
-    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT
+    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
+    OPT_TRADITIONAL
 } OPTION_CHOICE;
 
-OPTIONS pkcs8_options[] = {
+const OPTIONS pkcs8_options[] = {
     {"help", OPT_HELP, '-', "Display this summary"},
     {"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"},
     {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
@@ -37,10 +38,11 @@ OPTIONS pkcs8_options[] = {
     {"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
     {"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
     {"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
-    {"v2prf", OPT_V2PRF, 's'},
+    {"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
     {"iter", OPT_ITER, 'p', "Specify the iteration count"},
     {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
     {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"traditional", OPT_TRADITIONAL, '-', "use traditional format private key"},
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
@@ -64,13 +66,13 @@ int pkcs8_main(int argc, char **argv)
     char *infile = NULL, *outfile = NULL;
     char *passinarg = NULL, *passoutarg = NULL, *prog;
 #ifndef OPENSSL_NO_UI
-    char pass[50];
+    char pass[APP_PASS_LEN];
 #endif
     char *passin = NULL, *passout = NULL, *p8pass = NULL;
     OPTION_CHOICE o;
     int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
-    int private = 0;
+    int private = 0, traditional = 0;
 #ifndef OPENSSL_NO_SCRYPT
     long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
 #endif
@@ -110,6 +112,9 @@ int pkcs8_main(int argc, char **argv)
         case OPT_NOCRYPT:
             nocrypt = 1;
             break;
+        case OPT_TRADITIONAL:
+            traditional = 1;
+            break;
         case OPT_V2:
             if (!opt_cipher(opt_arg(), &cipher))
                 goto opthelp;
@@ -320,11 +325,15 @@ int pkcs8_main(int argc, char **argv)
     }
 
     assert(private);
-    if (outformat == FORMAT_PEM)
-        PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
-    else if (outformat == FORMAT_ASN1)
+    if (outformat == FORMAT_PEM) {
+        if (traditional)
+            PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0,
+                                                 NULL, passout);
+        else
+            PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
+    } else if (outformat == FORMAT_ASN1) {
         i2d_PrivateKey_bio(out, pkey);
-    else {
+    } else {
         BIO_printf(bio_err, "Bad format specified for key\n");
         goto end;
     }
@@ -334,6 +343,7 @@ int pkcs8_main(int argc, char **argv)
     X509_SIG_free(p8);
     PKCS8_PRIV_KEY_INFO_free(p8inf);
     EVP_PKEY_free(pkey);
+    release_engine(e);
     BIO_free_all(out);
     BIO_free(in);
     OPENSSL_free(passin);