author | inoguchi <> | 2019-07-23 10:18:32 +0000 |
---|---|---|
committer | inoguchi <> | 2019-07-23 10:18:32 +0000 |
commit | a0c791640cca1f12c159616cf997ff98323e35d3 (patch) | |
tree | 04cc5c71411a98fc72a7ca578f4e14c84f294d1b | |
parent | 368e5c8c3550d84dbf0c979497809867e6ed9b56 (diff) | |
Moving variables into struct in openssl(1) pkcs12
First step to adapt openssl(1) pkcs12 command to new option handling.
There are no functional changes in this diff; it just moves variables into the
pkcs12_config struct.
I still keep long lines more than 80 for this review to minimize diffs.
ok jsing@ tb@
-rw-r--r-- | src/usr.bin/openssl/pkcs12.c | 261 |
1 files changed, 136 insertions, 125 deletions
diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c index 2e852cebc7..35a17154f8 100644 --- a/src/usr.bin/openssl/pkcs12.c +++ b/src/usr.bin/openssl/pkcs12.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: pkcs12.c,v 1.10 2018/02/07 05:47:55 jsing Exp $ */ | 1 | /* $OpenBSD: pkcs12.c,v 1.11 2019/07/23 10:18:32 inoguchi Exp $ */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 | * project. | 3 | * project. |
4 | */ | 4 | */ |
@@ -71,8 +71,6 @@ | |||
71 | #include <openssl/pem.h> | 71 | #include <openssl/pem.h> |
72 | #include <openssl/pkcs12.h> | 72 | #include <openssl/pkcs12.h> |
73 | 73 | ||
74 | const EVP_CIPHER *enc; | ||
75 | |||
76 | #define NOKEYS 0x1 | 74 | #define NOKEYS 0x1 |
77 | #define NOCERTS 0x2 | 75 | #define NOCERTS 0x2 |
78 | #define INFO 0x4 | 76 | #define INFO 0x4 |
@@ -92,37 +90,46 @@ int alg_print(BIO * x, X509_ALGOR * alg); | |||
92 | int cert_load(BIO * in, STACK_OF(X509) * sk); | 90 | int cert_load(BIO * in, STACK_OF(X509) * sk); |
93 | static int set_pbe(BIO * err, int *ppbe, const char *str); | 91 | static int set_pbe(BIO * err, int *ppbe, const char *str); |
94 | 92 | ||
93 | static struct { | ||
94 | int add_lmk; | ||
95 | char *CAfile; | ||
96 | STACK_OF(OPENSSL_STRING) *canames; | ||
97 | char *CApath; | ||
98 | int cert_pbe; | ||
99 | char *certfile; | ||
100 | int chain; | ||
101 | char *csp_name; | ||
102 | const EVP_CIPHER *enc; | ||
103 | int export_cert; | ||
104 | int key_pbe; | ||
105 | char *keyname; | ||
106 | int keytype; | ||
107 | char *infile; | ||
108 | int iter; | ||
109 | char *macalg; | ||
110 | int maciter; | ||
111 | int macver; | ||
112 | char *name; | ||
113 | int noprompt; | ||
114 | int options; | ||
115 | char *outfile; | ||
116 | char *passarg; | ||
117 | char *passargin; | ||
118 | char *passargout; | ||
119 | int twopass; | ||
120 | } pkcs12_config; | ||
121 | |||
95 | int | 122 | int |
96 | pkcs12_main(int argc, char **argv) | 123 | pkcs12_main(int argc, char **argv) |
97 | { | 124 | { |
98 | char *infile = NULL, *outfile = NULL, *keyname = NULL; | ||
99 | char *certfile = NULL; | ||
100 | BIO *in = NULL, *out = NULL; | 125 | BIO *in = NULL, *out = NULL; |
101 | char **args; | 126 | char **args; |
102 | char *name = NULL; | ||
103 | char *csp_name = NULL; | ||
104 | int add_lmk = 0; | ||
105 | PKCS12 *p12 = NULL; | 127 | PKCS12 *p12 = NULL; |
106 | char pass[50], macpass[50]; | 128 | char pass[50], macpass[50]; |
107 | int export_cert = 0; | ||
108 | int options = 0; | ||
109 | int chain = 0; | ||
110 | int badarg = 0; | 129 | int badarg = 0; |
111 | int iter = PKCS12_DEFAULT_ITER; | ||
112 | int maciter = PKCS12_DEFAULT_ITER; | ||
113 | int twopass = 0; | ||
114 | int keytype = 0; | ||
115 | int cert_pbe; | ||
116 | int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | ||
117 | int ret = 1; | 130 | int ret = 1; |
118 | int macver = 1; | ||
119 | int noprompt = 0; | ||
120 | STACK_OF(OPENSSL_STRING) * canames = NULL; | ||
121 | char *cpass = NULL, *mpass = NULL; | 131 | char *cpass = NULL, *mpass = NULL; |
122 | char *passargin = NULL, *passargout = NULL, *passarg = NULL; | ||
123 | char *passin = NULL, *passout = NULL; | 132 | char *passin = NULL, *passout = NULL; |
124 | char *macalg = NULL; | ||
125 | char *CApath = NULL, *CAfile = NULL; | ||
126 | 133 | ||
127 | if (single_execution) { | 134 | if (single_execution) { |
128 | if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { | 135 | if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { |
@@ -131,161 +138,165 @@ pkcs12_main(int argc, char **argv) | |||
131 | } | 138 | } |
132 | } | 139 | } |
133 | 140 | ||
134 | cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; | 141 | memset(&pkcs12_config, 0, sizeof(pkcs12_config)); |
135 | 142 | pkcs12_config.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; | |
136 | enc = EVP_des_ede3_cbc(); | 143 | pkcs12_config.enc = EVP_des_ede3_cbc(); |
144 | pkcs12_config.iter = PKCS12_DEFAULT_ITER; | ||
145 | pkcs12_config.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | ||
146 | pkcs12_config.maciter = PKCS12_DEFAULT_ITER; | ||
147 | pkcs12_config.macver = 1; | ||
137 | 148 | ||
138 | args = argv + 1; | 149 | args = argv + 1; |
139 | 150 | ||
140 | while (*args) { | 151 | while (*args) { |
141 | if (*args[0] == '-') { | 152 | if (*args[0] == '-') { |
142 | if (!strcmp(*args, "-nokeys")) | 153 | if (!strcmp(*args, "-nokeys")) |
143 | options |= NOKEYS; | 154 | pkcs12_config.options |= NOKEYS; |
144 | else if (!strcmp(*args, "-keyex")) | 155 | else if (!strcmp(*args, "-keyex")) |
145 | keytype = KEY_EX; | 156 | pkcs12_config.keytype = KEY_EX; |
146 | else if (!strcmp(*args, "-keysig")) | 157 | else if (!strcmp(*args, "-keysig")) |
147 | keytype = KEY_SIG; | 158 | pkcs12_config.keytype = KEY_SIG; |
148 | else if (!strcmp(*args, "-nocerts")) | 159 | else if (!strcmp(*args, "-nocerts")) |
149 | options |= NOCERTS; | 160 | pkcs12_config.options |= NOCERTS; |
150 | else if (!strcmp(*args, "-clcerts")) | 161 | else if (!strcmp(*args, "-clcerts")) |
151 | options |= CLCERTS; | 162 | pkcs12_config.options |= CLCERTS; |
152 | else if (!strcmp(*args, "-cacerts")) | 163 | else if (!strcmp(*args, "-cacerts")) |
153 | options |= CACERTS; | 164 | pkcs12_config.options |= CACERTS; |
154 | else if (!strcmp(*args, "-noout")) | 165 | else if (!strcmp(*args, "-noout")) |
155 | options |= (NOKEYS | NOCERTS); | 166 | pkcs12_config.options |= (NOKEYS | NOCERTS); |
156 | else if (!strcmp(*args, "-info")) | 167 | else if (!strcmp(*args, "-info")) |
157 | options |= INFO; | 168 | pkcs12_config.options |= INFO; |
158 | else if (!strcmp(*args, "-chain")) | 169 | else if (!strcmp(*args, "-chain")) |
159 | chain = 1; | 170 | pkcs12_config.chain = 1; |
160 | else if (!strcmp(*args, "-twopass")) | 171 | else if (!strcmp(*args, "-twopass")) |
161 | twopass = 1; | 172 | pkcs12_config.twopass = 1; |
162 | else if (!strcmp(*args, "-nomacver")) | 173 | else if (!strcmp(*args, "-nomacver")) |
163 | macver = 0; | 174 | pkcs12_config.macver = 0; |
164 | else if (!strcmp(*args, "-descert")) | 175 | else if (!strcmp(*args, "-descert")) |
165 | cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | 176 | pkcs12_config.cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
166 | else if (!strcmp(*args, "-export")) | 177 | else if (!strcmp(*args, "-export")) |
167 | export_cert = 1; | 178 | pkcs12_config.export_cert = 1; |
168 | else if (!strcmp(*args, "-des")) | 179 | else if (!strcmp(*args, "-des")) |
169 | enc = EVP_des_cbc(); | 180 | pkcs12_config.enc = EVP_des_cbc(); |
170 | else if (!strcmp(*args, "-des3")) | 181 | else if (!strcmp(*args, "-des3")) |
171 | enc = EVP_des_ede3_cbc(); | 182 | pkcs12_config.enc = EVP_des_ede3_cbc(); |
172 | #ifndef OPENSSL_NO_IDEA | 183 | #ifndef OPENSSL_NO_IDEA |
173 | else if (!strcmp(*args, "-idea")) | 184 | else if (!strcmp(*args, "-idea")) |
174 | enc = EVP_idea_cbc(); | 185 | pkcs12_config.enc = EVP_idea_cbc(); |
175 | #endif | 186 | #endif |
176 | #ifndef OPENSSL_NO_AES | 187 | #ifndef OPENSSL_NO_AES |
177 | else if (!strcmp(*args, "-aes128")) | 188 | else if (!strcmp(*args, "-aes128")) |
178 | enc = EVP_aes_128_cbc(); | 189 | pkcs12_config.enc = EVP_aes_128_cbc(); |
179 | else if (!strcmp(*args, "-aes192")) | 190 | else if (!strcmp(*args, "-aes192")) |
180 | enc = EVP_aes_192_cbc(); | 191 | pkcs12_config.enc = EVP_aes_192_cbc(); |
181 | else if (!strcmp(*args, "-aes256")) | 192 | else if (!strcmp(*args, "-aes256")) |
182 | enc = EVP_aes_256_cbc(); | 193 | pkcs12_config.enc = EVP_aes_256_cbc(); |
183 | #endif | 194 | #endif |
184 | #ifndef OPENSSL_NO_CAMELLIA | 195 | #ifndef OPENSSL_NO_CAMELLIA |
185 | else if (!strcmp(*args, "-camellia128")) | 196 | else if (!strcmp(*args, "-camellia128")) |
186 | enc = EVP_camellia_128_cbc(); | 197 | pkcs12_config.enc = EVP_camellia_128_cbc(); |
187 | else if (!strcmp(*args, "-camellia192")) | 198 | else if (!strcmp(*args, "-camellia192")) |
188 | enc = EVP_camellia_192_cbc(); | 199 | pkcs12_config.enc = EVP_camellia_192_cbc(); |
189 | else if (!strcmp(*args, "-camellia256")) | 200 | else if (!strcmp(*args, "-camellia256")) |
190 | enc = EVP_camellia_256_cbc(); | 201 | pkcs12_config.enc = EVP_camellia_256_cbc(); |
191 | #endif | 202 | #endif |
192 | else if (!strcmp(*args, "-noiter")) | 203 | else if (!strcmp(*args, "-noiter")) |
193 | iter = 1; | 204 | pkcs12_config.iter = 1; |
194 | else if (!strcmp(*args, "-maciter")) | 205 | else if (!strcmp(*args, "-maciter")) |
195 | maciter = PKCS12_DEFAULT_ITER; | 206 | pkcs12_config.maciter = PKCS12_DEFAULT_ITER; |
196 | else if (!strcmp(*args, "-nomaciter")) | 207 | else if (!strcmp(*args, "-nomaciter")) |
197 | maciter = 1; | 208 | pkcs12_config.maciter = 1; |
198 | else if (!strcmp(*args, "-nomac")) | 209 | else if (!strcmp(*args, "-nomac")) |
199 | maciter = -1; | 210 | pkcs12_config.maciter = -1; |
200 | else if (!strcmp(*args, "-macalg")) | 211 | else if (!strcmp(*args, "-macalg")) |
201 | if (args[1]) { | 212 | if (args[1]) { |
202 | args++; | 213 | args++; |
203 | macalg = *args; | 214 | pkcs12_config.macalg = *args; |
204 | } else | 215 | } else |
205 | badarg = 1; | 216 | badarg = 1; |
206 | else if (!strcmp(*args, "-nodes")) | 217 | else if (!strcmp(*args, "-nodes")) |
207 | enc = NULL; | 218 | pkcs12_config.enc = NULL; |
208 | else if (!strcmp(*args, "-certpbe")) { | 219 | else if (!strcmp(*args, "-certpbe")) { |
209 | if (!set_pbe(bio_err, &cert_pbe, *++args)) | 220 | if (!set_pbe(bio_err, &pkcs12_config.cert_pbe, *++args)) |
210 | badarg = 1; | 221 | badarg = 1; |
211 | } else if (!strcmp(*args, "-keypbe")) { | 222 | } else if (!strcmp(*args, "-keypbe")) { |
212 | if (!set_pbe(bio_err, &key_pbe, *++args)) | 223 | if (!set_pbe(bio_err, &pkcs12_config.key_pbe, *++args)) |
213 | badarg = 1; | 224 | badarg = 1; |
214 | } else if (!strcmp(*args, "-inkey")) { | 225 | } else if (!strcmp(*args, "-inkey")) { |
215 | if (args[1]) { | 226 | if (args[1]) { |
216 | args++; | 227 | args++; |
217 | keyname = *args; | 228 | pkcs12_config.keyname = *args; |
218 | } else | 229 | } else |
219 | badarg = 1; | 230 | badarg = 1; |
220 | } else if (!strcmp(*args, "-certfile")) { | 231 | } else if (!strcmp(*args, "-certfile")) { |
221 | if (args[1]) { | 232 | if (args[1]) { |
222 | args++; | 233 | args++; |
223 | certfile = *args; | 234 | pkcs12_config.certfile = *args; |
224 | } else | 235 | } else |
225 | badarg = 1; | 236 | badarg = 1; |
226 | } else if (!strcmp(*args, "-name")) { | 237 | } else if (!strcmp(*args, "-name")) { |
227 | if (args[1]) { | 238 | if (args[1]) { |
228 | args++; | 239 | args++; |
229 | name = *args; | 240 | pkcs12_config.name = *args; |
230 | } else | 241 | } else |
231 | badarg = 1; | 242 | badarg = 1; |
232 | } else if (!strcmp(*args, "-LMK")) | 243 | } else if (!strcmp(*args, "-LMK")) |
233 | add_lmk = 1; | 244 | pkcs12_config.add_lmk = 1; |
234 | else if (!strcmp(*args, "-CSP")) { | 245 | else if (!strcmp(*args, "-CSP")) { |
235 | if (args[1]) { | 246 | if (args[1]) { |
236 | args++; | 247 | args++; |
237 | csp_name = *args; | 248 | pkcs12_config.csp_name = *args; |
238 | } else | 249 | } else |
239 | badarg = 1; | 250 | badarg = 1; |
240 | } else if (!strcmp(*args, "-caname")) { | 251 | } else if (!strcmp(*args, "-caname")) { |
241 | if (args[1]) { | 252 | if (args[1]) { |
242 | args++; | 253 | args++; |
243 | if (!canames) | 254 | if (!pkcs12_config.canames) |
244 | canames = sk_OPENSSL_STRING_new_null(); | 255 | pkcs12_config.canames = sk_OPENSSL_STRING_new_null(); |
245 | sk_OPENSSL_STRING_push(canames, *args); | 256 | sk_OPENSSL_STRING_push(pkcs12_config.canames, *args); |
246 | } else | 257 | } else |
247 | badarg = 1; | 258 | badarg = 1; |
248 | } else if (!strcmp(*args, "-in")) { | 259 | } else if (!strcmp(*args, "-in")) { |
249 | if (args[1]) { | 260 | if (args[1]) { |
250 | args++; | 261 | args++; |
251 | infile = *args; | 262 | pkcs12_config.infile = *args; |
252 | } else | 263 | } else |
253 | badarg = 1; | 264 | badarg = 1; |
254 | } else if (!strcmp(*args, "-out")) { | 265 | } else if (!strcmp(*args, "-out")) { |
255 | if (args[1]) { | 266 | if (args[1]) { |
256 | args++; | 267 | args++; |
257 | outfile = *args; | 268 | pkcs12_config.outfile = *args; |
258 | } else | 269 | } else |
259 | badarg = 1; | 270 | badarg = 1; |
260 | } else if (!strcmp(*args, "-passin")) { | 271 | } else if (!strcmp(*args, "-passin")) { |
261 | if (args[1]) { | 272 | if (args[1]) { |
262 | args++; | 273 | args++; |
263 | passargin = *args; | 274 | pkcs12_config.passargin = *args; |
264 | } else | 275 | } else |
265 | badarg = 1; | 276 | badarg = 1; |
266 | } else if (!strcmp(*args, "-passout")) { | 277 | } else if (!strcmp(*args, "-passout")) { |
267 | if (args[1]) { | 278 | if (args[1]) { |
268 | args++; | 279 | args++; |
269 | passargout = *args; | 280 | pkcs12_config.passargout = *args; |
270 | } else | 281 | } else |
271 | badarg = 1; | 282 | badarg = 1; |
272 | } else if (!strcmp(*args, "-password")) { | 283 | } else if (!strcmp(*args, "-password")) { |
273 | if (args[1]) { | 284 | if (args[1]) { |
274 | args++; | 285 | args++; |
275 | passarg = *args; | 286 | pkcs12_config.passarg = *args; |
276 | noprompt = 1; | 287 | pkcs12_config.noprompt = 1; |
277 | } else | 288 | } else |
278 | badarg = 1; | 289 | badarg = 1; |
279 | } else if (!strcmp(*args, "-CApath")) { | 290 | } else if (!strcmp(*args, "-CApath")) { |
280 | if (args[1]) { | 291 | if (args[1]) { |
281 | args++; | 292 | args++; |
282 | CApath = *args; | 293 | pkcs12_config.CApath = *args; |
283 | } else | 294 | } else |
284 | badarg = 1; | 295 | badarg = 1; |
285 | } else if (!strcmp(*args, "-CAfile")) { | 296 | } else if (!strcmp(*args, "-CAfile")) { |
286 | if (args[1]) { | 297 | if (args[1]) { |
287 | args++; | 298 | args++; |
288 | CAfile = *args; | 299 | pkcs12_config.CAfile = *args; |
289 | } else | 300 | } else |
290 | badarg = 1; | 301 | badarg = 1; |
291 | } else | 302 | } else |
@@ -349,58 +360,58 @@ pkcs12_main(int argc, char **argv) | |||
349 | goto end; | 360 | goto end; |
350 | } | 361 | } |
351 | 362 | ||
352 | if (passarg) { | 363 | if (pkcs12_config.passarg) { |
353 | if (export_cert) | 364 | if (pkcs12_config.export_cert) |
354 | passargout = passarg; | 365 | pkcs12_config.passargout = pkcs12_config.passarg; |
355 | else | 366 | else |
356 | passargin = passarg; | 367 | pkcs12_config.passargin = pkcs12_config.passarg; |
357 | } | 368 | } |
358 | if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { | 369 | if (!app_passwd(bio_err, pkcs12_config.passargin, pkcs12_config.passargout, &passin, &passout)) { |
359 | BIO_printf(bio_err, "Error getting passwords\n"); | 370 | BIO_printf(bio_err, "Error getting passwords\n"); |
360 | goto end; | 371 | goto end; |
361 | } | 372 | } |
362 | if (!cpass) { | 373 | if (!cpass) { |
363 | if (export_cert) | 374 | if (pkcs12_config.export_cert) |
364 | cpass = passout; | 375 | cpass = passout; |
365 | else | 376 | else |
366 | cpass = passin; | 377 | cpass = passin; |
367 | } | 378 | } |
368 | if (cpass) { | 379 | if (cpass) { |
369 | mpass = cpass; | 380 | mpass = cpass; |
370 | noprompt = 1; | 381 | pkcs12_config.noprompt = 1; |
371 | } else { | 382 | } else { |
372 | cpass = pass; | 383 | cpass = pass; |
373 | mpass = macpass; | 384 | mpass = macpass; |
374 | } | 385 | } |
375 | 386 | ||
376 | if (!infile) | 387 | if (!pkcs12_config.infile) |
377 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 388 | in = BIO_new_fp(stdin, BIO_NOCLOSE); |
378 | else | 389 | else |
379 | in = BIO_new_file(infile, "rb"); | 390 | in = BIO_new_file(pkcs12_config.infile, "rb"); |
380 | if (!in) { | 391 | if (!in) { |
381 | BIO_printf(bio_err, "Error opening input file %s\n", | 392 | BIO_printf(bio_err, "Error opening input file %s\n", |
382 | infile ? infile : "<stdin>"); | 393 | pkcs12_config.infile ? pkcs12_config.infile : "<stdin>"); |
383 | perror(infile); | 394 | perror(pkcs12_config.infile); |
384 | goto end; | 395 | goto end; |
385 | } | 396 | } |
386 | 397 | ||
387 | if (!outfile) { | 398 | if (!pkcs12_config.outfile) { |
388 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 399 | out = BIO_new_fp(stdout, BIO_NOCLOSE); |
389 | } else | 400 | } else |
390 | out = BIO_new_file(outfile, "wb"); | 401 | out = BIO_new_file(pkcs12_config.outfile, "wb"); |
391 | if (!out) { | 402 | if (!out) { |
392 | BIO_printf(bio_err, "Error opening output file %s\n", | 403 | BIO_printf(bio_err, "Error opening output file %s\n", |
393 | outfile ? outfile : "<stdout>"); | 404 | pkcs12_config.outfile ? pkcs12_config.outfile : "<stdout>"); |
394 | perror(outfile); | 405 | perror(pkcs12_config.outfile); |
395 | goto end; | 406 | goto end; |
396 | } | 407 | } |
397 | if (twopass) { | 408 | if (pkcs12_config.twopass) { |
398 | if (EVP_read_pw_string(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { | 409 | if (EVP_read_pw_string(macpass, sizeof macpass, "Enter MAC Password:", pkcs12_config.export_cert)) { |
399 | BIO_printf(bio_err, "Can't read Password\n"); | 410 | BIO_printf(bio_err, "Can't read Password\n"); |
400 | goto end; | 411 | goto end; |
401 | } | 412 | } |
402 | } | 413 | } |
403 | if (export_cert) { | 414 | if (pkcs12_config.export_cert) { |
404 | EVP_PKEY *key = NULL; | 415 | EVP_PKEY *key = NULL; |
405 | X509 *ucert = NULL, *x = NULL; | 416 | X509 *ucert = NULL, *x = NULL; |
406 | STACK_OF(X509) * certs = NULL; | 417 | STACK_OF(X509) * certs = NULL; |
@@ -408,23 +419,23 @@ pkcs12_main(int argc, char **argv) | |||
408 | unsigned char *catmp = NULL; | 419 | unsigned char *catmp = NULL; |
409 | int i; | 420 | int i; |
410 | 421 | ||
411 | if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) { | 422 | if ((pkcs12_config.options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) { |
412 | BIO_printf(bio_err, "Nothing to do!\n"); | 423 | BIO_printf(bio_err, "Nothing to do!\n"); |
413 | goto export_end; | 424 | goto export_end; |
414 | } | 425 | } |
415 | if (options & NOCERTS) | 426 | if (pkcs12_config.options & NOCERTS) |
416 | chain = 0; | 427 | pkcs12_config.chain = 0; |
417 | 428 | ||
418 | if (!(options & NOKEYS)) { | 429 | if (!(pkcs12_config.options & NOKEYS)) { |
419 | key = load_key(bio_err, keyname ? keyname : infile, | 430 | key = load_key(bio_err, pkcs12_config.keyname ? pkcs12_config.keyname : pkcs12_config.infile, |
420 | FORMAT_PEM, 1, passin, "private key"); | 431 | FORMAT_PEM, 1, passin, "private key"); |
421 | if (!key) | 432 | if (!key) |
422 | goto export_end; | 433 | goto export_end; |
423 | } | 434 | } |
424 | 435 | ||
425 | /* Load in all certs in input file */ | 436 | /* Load in all certs in input file */ |
426 | if (!(options & NOCERTS)) { | 437 | if (!(pkcs12_config.options & NOCERTS)) { |
427 | certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, | 438 | certs = load_certs(bio_err, pkcs12_config.infile, FORMAT_PEM, NULL, |
428 | "certificates"); | 439 | "certificates"); |
429 | if (!certs) | 440 | if (!certs) |
430 | goto export_end; | 441 | goto export_end; |
@@ -451,9 +462,9 @@ pkcs12_main(int argc, char **argv) | |||
451 | } | 462 | } |
452 | 463 | ||
453 | /* Add any more certificates asked for */ | 464 | /* Add any more certificates asked for */ |
454 | if (certfile) { | 465 | if (pkcs12_config.certfile) { |
455 | STACK_OF(X509) * morecerts = NULL; | 466 | STACK_OF(X509) * morecerts = NULL; |
456 | if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, | 467 | if (!(morecerts = load_certs(bio_err, pkcs12_config.certfile, FORMAT_PEM, |
457 | NULL, "certificates from certfile"))) | 468 | NULL, "certificates from certfile"))) |
458 | goto export_end; | 469 | goto export_end; |
459 | while (sk_X509_num(morecerts) > 0) | 470 | while (sk_X509_num(morecerts) > 0) |
@@ -463,7 +474,7 @@ pkcs12_main(int argc, char **argv) | |||
463 | 474 | ||
464 | 475 | ||
465 | /* If chaining get chain from user cert */ | 476 | /* If chaining get chain from user cert */ |
466 | if (chain) { | 477 | if (pkcs12_config.chain) { |
467 | int vret; | 478 | int vret; |
468 | STACK_OF(X509) * chain2; | 479 | STACK_OF(X509) * chain2; |
469 | X509_STORE *store = X509_STORE_new(); | 480 | X509_STORE *store = X509_STORE_new(); |
@@ -471,7 +482,7 @@ pkcs12_main(int argc, char **argv) | |||
471 | BIO_printf(bio_err, "Memory allocation error\n"); | 482 | BIO_printf(bio_err, "Memory allocation error\n"); |
472 | goto export_end; | 483 | goto export_end; |
473 | } | 484 | } |
474 | if (!X509_STORE_load_locations(store, CAfile, CApath)) | 485 | if (!X509_STORE_load_locations(store, pkcs12_config.CAfile, pkcs12_config.CApath)) |
475 | X509_STORE_set_default_paths(store); | 486 | X509_STORE_set_default_paths(store); |
476 | 487 | ||
477 | vret = get_cert_chain(ucert, store, &chain2); | 488 | vret = get_cert_chain(ucert, store, &chain2); |
@@ -495,44 +506,44 @@ pkcs12_main(int argc, char **argv) | |||
495 | } | 506 | } |
496 | /* Add any CA names */ | 507 | /* Add any CA names */ |
497 | 508 | ||
498 | for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) { | 509 | for (i = 0; i < sk_OPENSSL_STRING_num(pkcs12_config.canames); i++) { |
499 | catmp = (unsigned char *) sk_OPENSSL_STRING_value(canames, i); | 510 | catmp = (unsigned char *) sk_OPENSSL_STRING_value(pkcs12_config.canames, i); |
500 | X509_alias_set1(sk_X509_value(certs, i), catmp, -1); | 511 | X509_alias_set1(sk_X509_value(certs, i), catmp, -1); |
501 | } | 512 | } |
502 | 513 | ||
503 | if (csp_name && key) | 514 | if (pkcs12_config.csp_name && key) |
504 | EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, | 515 | EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, |
505 | MBSTRING_ASC, (unsigned char *) csp_name, -1); | 516 | MBSTRING_ASC, (unsigned char *) pkcs12_config.csp_name, -1); |
506 | 517 | ||
507 | if (add_lmk && key) | 518 | if (pkcs12_config.add_lmk && key) |
508 | EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); | 519 | EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); |
509 | 520 | ||
510 | 521 | ||
511 | if (!noprompt && | 522 | if (!pkcs12_config.noprompt && |
512 | EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) { | 523 | EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) { |
513 | BIO_printf(bio_err, "Can't read Password\n"); | 524 | BIO_printf(bio_err, "Can't read Password\n"); |
514 | goto export_end; | 525 | goto export_end; |
515 | } | 526 | } |
516 | if (!twopass) | 527 | if (!pkcs12_config.twopass) |
517 | strlcpy(macpass, pass, sizeof macpass); | 528 | strlcpy(macpass, pass, sizeof macpass); |
518 | 529 | ||
519 | 530 | ||
520 | p12 = PKCS12_create(cpass, name, key, ucert, certs, | 531 | p12 = PKCS12_create(cpass, pkcs12_config.name, key, ucert, certs, |
521 | key_pbe, cert_pbe, iter, -1, keytype); | 532 | pkcs12_config.key_pbe, pkcs12_config.cert_pbe, pkcs12_config.iter, -1, pkcs12_config.keytype); |
522 | 533 | ||
523 | if (!p12) { | 534 | if (!p12) { |
524 | ERR_print_errors(bio_err); | 535 | ERR_print_errors(bio_err); |
525 | goto export_end; | 536 | goto export_end; |
526 | } | 537 | } |
527 | if (macalg) { | 538 | if (pkcs12_config.macalg) { |
528 | macmd = EVP_get_digestbyname(macalg); | 539 | macmd = EVP_get_digestbyname(pkcs12_config.macalg); |
529 | if (!macmd) { | 540 | if (!macmd) { |
530 | BIO_printf(bio_err, "Unknown digest algorithm %s\n", | 541 | BIO_printf(bio_err, "Unknown digest algorithm %s\n", |
531 | macalg); | 542 | pkcs12_config.macalg); |
532 | } | 543 | } |
533 | } | 544 | } |
534 | if (maciter != -1) | 545 | if (pkcs12_config.maciter != -1) |
535 | PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd); | 546 | PKCS12_set_mac(p12, mpass, -1, NULL, 0, pkcs12_config.maciter, macmd); |
536 | 547 | ||
537 | 548 | ||
538 | i2d_PKCS12_bio(out, p12); | 549 | i2d_PKCS12_bio(out, p12); |
@@ -555,21 +566,21 @@ export_end: | |||
555 | ERR_print_errors(bio_err); | 566 | ERR_print_errors(bio_err); |
556 | goto end; | 567 | goto end; |
557 | } | 568 | } |
558 | if (!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { | 569 | if (!pkcs12_config.noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { |
559 | BIO_printf(bio_err, "Can't read Password\n"); | 570 | BIO_printf(bio_err, "Can't read Password\n"); |
560 | goto end; | 571 | goto end; |
561 | } | 572 | } |
562 | 573 | ||
563 | if (!twopass) | 574 | if (!pkcs12_config.twopass) |
564 | strlcpy(macpass, pass, sizeof macpass); | 575 | strlcpy(macpass, pass, sizeof macpass); |
565 | 576 | ||
566 | if ((options & INFO) && p12->mac) | 577 | if ((pkcs12_config.options & INFO) && p12->mac) |
567 | BIO_printf(bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1); | 578 | BIO_printf(bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1); |
568 | if (macver) { | 579 | if (pkcs12_config.macver) { |
569 | /* If we enter empty password try no password first */ | 580 | /* If we enter empty password try no password first */ |
570 | if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { | 581 | if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { |
571 | /* If mac and crypto pass the same set it to NULL too */ | 582 | /* If mac and crypto pass the same set it to NULL too */ |
572 | if (!twopass) | 583 | if (!pkcs12_config.twopass) |
573 | cpass = NULL; | 584 | cpass = NULL; |
574 | } else if (!PKCS12_verify_mac(p12, mpass, -1)) { | 585 | } else if (!PKCS12_verify_mac(p12, mpass, -1)) { |
575 | BIO_printf(bio_err, "Mac verify error: invalid password?\n"); | 586 | BIO_printf(bio_err, "Mac verify error: invalid password?\n"); |
@@ -578,7 +589,7 @@ export_end: | |||
578 | } | 589 | } |
579 | BIO_printf(bio_err, "MAC verified OK\n"); | 590 | BIO_printf(bio_err, "MAC verified OK\n"); |
580 | } | 591 | } |
581 | if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout)) { | 592 | if (!dump_certs_keys_p12(out, p12, cpass, -1, pkcs12_config.options, passout)) { |
582 | BIO_printf(bio_err, "Error outputting keys and certificates\n"); | 593 | BIO_printf(bio_err, "Error outputting keys and certificates\n"); |
583 | ERR_print_errors(bio_err); | 594 | ERR_print_errors(bio_err); |
584 | goto end; | 595 | goto end; |
@@ -589,8 +600,8 @@ export_end: | |||
589 | PKCS12_free(p12); | 600 | PKCS12_free(p12); |
590 | BIO_free(in); | 601 | BIO_free(in); |
591 | BIO_free_all(out); | 602 | BIO_free_all(out); |
592 | if (canames) | 603 | if (pkcs12_config.canames) |
593 | sk_OPENSSL_STRING_free(canames); | 604 | sk_OPENSSL_STRING_free(pkcs12_config.canames); |
594 | free(passin); | 605 | free(passin); |
595 | free(passout); | 606 | free(passout); |
596 | 607 | ||
@@ -678,7 +689,7 @@ dump_certs_pkeys_bag(BIO * out, PKCS12_SAFEBAG * bag, char *pass, | |||
678 | if (!(pkey = EVP_PKCS82PKEY(p8))) | 689 | if (!(pkey = EVP_PKCS82PKEY(p8))) |
679 | return 0; | 690 | return 0; |
680 | print_attribs(out, p8->attributes, "Key Attributes"); | 691 | print_attribs(out, p8->attributes, "Key Attributes"); |
681 | PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); | 692 | PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, NULL, pempass); |
682 | EVP_PKEY_free(pkey); | 693 | EVP_PKEY_free(pkey); |
683 | break; | 694 | break; |
684 | 695 | ||
@@ -698,7 +709,7 @@ dump_certs_pkeys_bag(BIO * out, PKCS12_SAFEBAG * bag, char *pass, | |||
698 | } | 709 | } |
699 | print_attribs(out, p8->attributes, "Key Attributes"); | 710 | print_attribs(out, p8->attributes, "Key Attributes"); |
700 | PKCS8_PRIV_KEY_INFO_free(p8); | 711 | PKCS8_PRIV_KEY_INFO_free(p8); |
701 | PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); | 712 | PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, NULL, pempass); |
702 | EVP_PKEY_free(pkey); | 713 | EVP_PKEY_free(pkey); |
703 | break; | 714 | break; |
704 | 715 | ||
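Review bot: In the option loop, the `-certpbe` and `-keypbe` branches (new lines 220 and 223) still dereference `*++args` without the `if (args[1])` guard that every other value-taking option in this hunk uses, so with `-certpbe` as the final argument set_pbe is handed NULL and `args` is left pointing at argv's terminating NULL entry. Whether set_pbe rejects a NULL string and what the loop's increment after the hunk then does with `args` are outside this hunk, but the unguarded pre-increment means a later `args++` would step past the end of argv rather than stop at the terminator. Guarding consistently costs one line each: `if (!args[1] || !set_pbe(bio_err, &pkcs12_config.cert_pbe, *++args))` and `if (!args[1] || !set_pbe(bio_err, &pkcs12_config.key_pbe, *++args))`, which also leaves `args` in the same position the other missing-value branches do. The enclosing option loop and pkcs12_main both continue past the end of this hunk.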