X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fpkcs8.c;h=dc9e1ef66fc36d0004ef6194082f2f3680f79c4a;hp=3633590874f2fb367093b012464459313cdc0f19;hb=7ce79a5bfdbcd53ae75f85e94eed665a05b5dea3;hpb=ecbe07817ab8fff2aca97eeb69fabdd5c54b4bda diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 3633590874..dc9e1ef66f 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -1,6 +1,6 @@ /* pkcs8.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 1999-2004. */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. @@ -62,15 +62,13 @@ #include #include #include -#include -#include "apps.h" #define PROG pkcs8_main int MAIN(int, char **); int MAIN(int argc, char **argv) -{ + { ENGINE *e = NULL; char **args, *infile = NULL, *outfile = NULL; char *passargin = NULL, *passargout = NULL; @@ -82,58 +80,107 @@ int MAIN(int argc, char **argv) int informat, outformat; int p8_broken = PKCS8_OK; int nocrypt = 0; - X509_SIG *p8; - PKCS8_PRIV_KEY_INFO *p8inf; - EVP_PKEY *pkey; + X509_SIG *p8 = NULL; + PKCS8_PRIV_KEY_INFO *p8inf = NULL; + EVP_PKEY *pkey=NULL; char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; int badarg = 0; + int ret = 1; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + informat=FORMAT_PEM; outformat=FORMAT_PEM; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); args = argv + 1; - while (!badarg && *args && *args[0] == '-') { - if (!strcmp(*args,"-v2")) { - if (args[1]) { + while (!badarg && *args && *args[0] == '-') + { + if (!strcmp(*args,"-v2")) + { + if (args[1]) + { args++; cipher=EVP_get_cipherbyname(*args); - if(!cipher) { + if (!cipher) + { BIO_printf(bio_err, "Unknown cipher %s\n", *args); badarg = 1; + } } - } else badarg = 1; - } else if (!strcmp(*args,"-v1")) { - if (args[1]) { + else + badarg = 1; + } + else if (!strcmp(*args,"-v1")) + { + if (args[1]) + { args++; pbe_nid=OBJ_txt2nid(*args); - if(pbe_nid == NID_undef) { + if (pbe_nid == NID_undef) + { BIO_printf(bio_err, "Unknown PBE algorithm %s\n", *args); badarg = 1; + } + } + else + badarg = 1; + } + else if (!strcmp(*args,"-v2prf")) + { + if (args[1]) + { + args++; + pbe_nid=OBJ_txt2nid(*args); + if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) + { + BIO_printf(bio_err, + "Unknown PRF algorithm %s\n", *args); + badarg = 1; + } } - } else badarg = 1; - } else if (!strcmp(*args,"-inform")) { - if (args[1]) { + else + badarg = 1; + } + else if (!strcmp(*args,"-inform")) + { + if (args[1]) + { args++; informat=str2fmt(*args); - } else badarg = 1; - } else if (!strcmp(*args,"-outform")) { - if (args[1]) { + } + else badarg = 1; + } + else if (!strcmp(*args,"-outform")) + { + if (args[1]) + { args++; outformat=str2fmt(*args); - } else badarg = 1; - } else if (!strcmp (*args, "-topk8")) topk8 = 1; - else if (!strcmp (*args, "-noiter")) iter = 1; - else if (!strcmp (*args, "-nocrypt")) nocrypt = 1; - else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET; - else if (!strcmp (*args, "-nsdb")) p8_broken = PKCS8_NS_DB; - else if (!strcmp (*args, "-embed")) p8_broken = PKCS8_EMBEDDED_PARAM; + } + else badarg = 1; + } + else if (!strcmp (*args, "-topk8")) + topk8 = 1; + else if (!strcmp (*args, "-noiter")) + iter = 1; + else if (!strcmp (*args, "-nocrypt")) + nocrypt = 1; + else if (!strcmp (*args, "-nooct")) + p8_broken = PKCS8_NO_OCTET; + else if (!strcmp (*args, "-nsdb")) + p8_broken = PKCS8_NS_DB; + else if (!strcmp (*args, "-embed")) + p8_broken = PKCS8_EMBEDDED_PARAM; else if (!strcmp(*args,"-passin")) { if (!args[1]) goto bad; @@ -144,26 +191,37 @@ int MAIN(int argc, char **argv) if (!args[1]) goto bad; passargout= *(++args); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*args,"-engine") == 0) { if (!args[1]) goto bad; engine= *(++args); } - else if (!strcmp (*args, "-in")) { - if (args[1]) { +#endif + else if (!strcmp (*args, "-in")) + { + if (args[1]) + { args++; infile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-out")) { - if (args[1]) { + } + else badarg = 1; + } + else if (!strcmp (*args, "-out")) + { + if (args[1]) + { args++; outfile = *args; - } else badarg = 1; - } else badarg = 1; + } + else badarg = 1; + } + else badarg = 1; args++; - } + } - if (badarg) { + if (badarg) + { bad: BIO_printf(bio_err, "Usage pkcs8 [options]\n"); BIO_printf(bio_err, "where options are\n"); @@ -181,169 +239,174 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n"); BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); - return (1); - } - - if (engine != NULL) - { - if((e = ENGINE_by_id(engine)) == NULL) - { - BIO_printf(bio_err,"invalid engine \"%s\"\n", - engine); - return (1); - } - if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) - { - BIO_printf(bio_err,"can't use that engine\n"); - return (1); - } - BIO_printf(bio_err,"engine \"%s\" set.\n", engine); - /* Free our "structural" reference. */ - ENGINE_free(e); +#endif + goto end; } - if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { +#ifndef OPENSSL_NO_ENGINE + e = setup_engine(bio_err, engine, 0); +#endif + + if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) + { BIO_printf(bio_err, "Error getting passwords\n"); - return (1); - } + goto end; + } - if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC; + if ((pbe_nid == -1) && !cipher) + pbe_nid = NID_pbeWithMD5AndDES_CBC; - if (infile) { - if (!(in = BIO_new_file(infile, "rb"))) { + if (infile) + { + if (!(in = BIO_new_file(infile, "rb"))) + { BIO_printf(bio_err, "Can't open input file %s\n", infile); - return (1); + goto end; + } } - } else in = BIO_new_fp (stdin, BIO_NOCLOSE); + else + in = BIO_new_fp (stdin, BIO_NOCLOSE); - if (outfile) { - if (!(out = BIO_new_file (outfile, "wb"))) { + if (outfile) + { + if (!(out = BIO_new_file (outfile, "wb"))) + { BIO_printf(bio_err, "Can't open output file %s\n", outfile); - return (1); + goto end; + } } - } else { - out = BIO_new_fp (stdout, BIO_NOCLOSE); -#ifdef VMS + else { + out = BIO_new_fp (stdout, BIO_NOCLOSE); +#ifdef OPENSSL_SYS_VMS + { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); - } + } #endif - } - if (topk8) { - if(informat == FORMAT_PEM) - pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin); - else if(informat == FORMAT_ASN1) - pkey = d2i_PrivateKey_bio(in, NULL); - else { - BIO_printf(bio_err, "Bad format specified for key\n"); - return (1); - } - if (!pkey) { - BIO_printf(bio_err, "Error reading key\n", outfile); - ERR_print_errors(bio_err); - return (1); } - BIO_free(in); - if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) { - BIO_printf(bio_err, "Error converting key\n", outfile); + if (topk8) + { + pkey = load_key(bio_err, infile, informat, 1, + passin, e, "key"); + if (!pkey) + goto end; + if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) + { + BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); - return (1); - } - if(nocrypt) { - if(outformat == FORMAT_PEM) + goto end; + } + if (nocrypt) + { + if (outformat == FORMAT_PEM) PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); - else if(outformat == FORMAT_ASN1) + else if (outformat == FORMAT_ASN1) i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); - else { + else + { BIO_printf(bio_err, "Bad format specified for key\n"); - return (1); + goto end; + } } - } else { - if(passout) p8pass = passout; - else { + else + { + if (passout) + p8pass = passout; + else + { p8pass = pass; - EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1); - } + if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) + goto end; + } app_RAND_load_file(NULL, bio_err, 0); if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, p8pass, strlen(p8pass), - NULL, 0, iter, p8inf))) { - BIO_printf(bio_err, "Error encrypting key\n", - outfile); + NULL, 0, iter, p8inf))) + { + BIO_printf(bio_err, "Error encrypting key\n"); ERR_print_errors(bio_err); - return (1); - } + goto end; + } app_RAND_write_file(NULL, bio_err); - if(outformat == FORMAT_PEM) + if (outformat == FORMAT_PEM) PEM_write_bio_PKCS8(out, p8); - else if(outformat == FORMAT_ASN1) + else if (outformat == FORMAT_ASN1) i2d_PKCS8_bio(out, p8); - else { + else + { BIO_printf(bio_err, "Bad format specified for key\n"); - return (1); + goto end; + } } - X509_SIG_free(p8); + + ret = 0; + goto end; } - PKCS8_PRIV_KEY_INFO_free (p8inf); - EVP_PKEY_free(pkey); - BIO_free_all(out); - if(passin) OPENSSL_free(passin); - if(passout) OPENSSL_free(passout); - return (0); - } - if(nocrypt) { - if(informat == FORMAT_PEM) + if (nocrypt) + { + if (informat == FORMAT_PEM) p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL); - else if(informat == FORMAT_ASN1) + else if (informat == FORMAT_ASN1) p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); - else { + else + { BIO_printf(bio_err, "Bad format specified for key\n"); - return (1); + goto end; + } } - } else { - if(informat == FORMAT_PEM) + else + { + if (informat == FORMAT_PEM) p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); - else if(informat == FORMAT_ASN1) + else if (informat == FORMAT_ASN1) p8 = d2i_PKCS8_bio(in, NULL); - else { + else + { BIO_printf(bio_err, "Bad format specified for key\n"); - return (1); - } + goto end; + } - if (!p8) { - BIO_printf (bio_err, "Error reading key\n", outfile); + if (!p8) + { + BIO_printf (bio_err, "Error reading key\n"); ERR_print_errors(bio_err); - return (1); - } - if(passin) p8pass = passin; - else { + goto end; + } + if (passin) + p8pass = passin; + else + { p8pass = pass; - EVP_read_pw_string(pass, 50, "Enter Password:", 0); - } + EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); + } p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); - X509_SIG_free(p8); - } + } - if (!p8inf) { - BIO_printf(bio_err, "Error decrypting key\n", outfile); + if (!p8inf) + { + BIO_printf(bio_err, "Error decrypting key\n"); ERR_print_errors(bio_err); - return (1); - } + goto end; + } - if (!(pkey = EVP_PKCS82PKEY(p8inf))) { - BIO_printf(bio_err, "Error converting key\n", outfile); + if (!(pkey = EVP_PKCS82PKEY(p8inf))) + { + BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); - return (1); - } + goto end; + } - if (p8inf->broken) { + if (p8inf->broken) + { BIO_printf(bio_err, "Warning: broken key encoding: "); - switch (p8inf->broken) { + switch (p8inf->broken) + { case PKCS8_NO_OCTET: BIO_printf(bio_err, "No Octet String in PrivateKey\n"); break; @@ -356,27 +419,37 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "DSA public key include in PrivateKey\n"); break; + case PKCS8_NEG_PRIVKEY: + BIO_printf(bio_err, "DSA private key value is negative\n"); + break; + default: BIO_printf(bio_err, "Unknown broken type\n"); break; } } - PKCS8_PRIV_KEY_INFO_free(p8inf); - if(outformat == FORMAT_PEM) + if (outformat == FORMAT_PEM) PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); - else if(outformat == FORMAT_ASN1) + else if (outformat == FORMAT_ASN1) i2d_PrivateKey_bio(out, pkey); - else { + else + { BIO_printf(bio_err, "Bad format specified for key\n"); - return (1); - } + goto end; + } + ret = 0; + end: + X509_SIG_free(p8); + PKCS8_PRIV_KEY_INFO_free(p8inf); EVP_PKEY_free(pkey); BIO_free_all(out); BIO_free(in); - if(passin) OPENSSL_free(passin); - if(passout) OPENSSL_free(passout); + if (passin) + OPENSSL_free(passin); + if (passout) + OPENSSL_free(passout); - return (0); -} + return ret; + }