summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/pkcs12.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr.bin/openssl/pkcs12.c')
-rw-r--r--src/usr.bin/openssl/pkcs12.c261
1 files changed, 136 insertions, 125 deletions
diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c
index 2e852cebc7..35a17154f8 100644
--- a/src/usr.bin/openssl/pkcs12.c
+++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs12.c,v 1.10 2018/02/07 05:47:55 jsing Exp $ */ 1/* $OpenBSD: pkcs12.c,v 1.11 2019/07/23 10:18:32 inoguchi Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -71,8 +71,6 @@
71#include <openssl/pem.h> 71#include <openssl/pem.h>
72#include <openssl/pkcs12.h> 72#include <openssl/pkcs12.h>
73 73
74const EVP_CIPHER *enc;
75
76#define NOKEYS 0x1 74#define NOKEYS 0x1
77#define NOCERTS 0x2 75#define NOCERTS 0x2
78#define INFO 0x4 76#define INFO 0x4
@@ -92,37 +90,46 @@ int alg_print(BIO * x, X509_ALGOR * alg);
92int cert_load(BIO * in, STACK_OF(X509) * sk); 90int cert_load(BIO * in, STACK_OF(X509) * sk);
93static int set_pbe(BIO * err, int *ppbe, const char *str); 91static int set_pbe(BIO * err, int *ppbe, const char *str);
94 92
93static struct {
94 int add_lmk;
95 char *CAfile;
96 STACK_OF(OPENSSL_STRING) *canames;
97 char *CApath;
98 int cert_pbe;
99 char *certfile;
100 int chain;
101 char *csp_name;
102 const EVP_CIPHER *enc;
103 int export_cert;
104 int key_pbe;
105 char *keyname;
106 int keytype;
107 char *infile;
108 int iter;
109 char *macalg;
110 int maciter;
111 int macver;
112 char *name;
113 int noprompt;
114 int options;
115 char *outfile;
116 char *passarg;
117 char *passargin;
118 char *passargout;
119 int twopass;
120} pkcs12_config;
121
95int 122int
96pkcs12_main(int argc, char **argv) 123pkcs12_main(int argc, char **argv)
97{ 124{
98 char *infile = NULL, *outfile = NULL, *keyname = NULL;
99 char *certfile = NULL;
100 BIO *in = NULL, *out = NULL; 125 BIO *in = NULL, *out = NULL;
101 char **args; 126 char **args;
102 char *name = NULL;
103 char *csp_name = NULL;
104 int add_lmk = 0;
105 PKCS12 *p12 = NULL; 127 PKCS12 *p12 = NULL;
106 char pass[50], macpass[50]; 128 char pass[50], macpass[50];
107 int export_cert = 0;
108 int options = 0;
109 int chain = 0;
110 int badarg = 0; 129 int badarg = 0;
111 int iter = PKCS12_DEFAULT_ITER;
112 int maciter = PKCS12_DEFAULT_ITER;
113 int twopass = 0;
114 int keytype = 0;
115 int cert_pbe;
116 int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
117 int ret = 1; 130 int ret = 1;
118 int macver = 1;
119 int noprompt = 0;
120 STACK_OF(OPENSSL_STRING) * canames = NULL;
121 char *cpass = NULL, *mpass = NULL; 131 char *cpass = NULL, *mpass = NULL;
122 char *passargin = NULL, *passargout = NULL, *passarg = NULL;
123 char *passin = NULL, *passout = NULL; 132 char *passin = NULL, *passout = NULL;
124 char *macalg = NULL;
125 char *CApath = NULL, *CAfile = NULL;
126 133
127 if (single_execution) { 134 if (single_execution) {
128 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 135 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
@@ -131,161 +138,165 @@ pkcs12_main(int argc, char **argv)
131 } 138 }
132 } 139 }
133 140
134 cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; 141 memset(&pkcs12_config, 0, sizeof(pkcs12_config));
135 142 pkcs12_config.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
136 enc = EVP_des_ede3_cbc(); 143 pkcs12_config.enc = EVP_des_ede3_cbc();
144 pkcs12_config.iter = PKCS12_DEFAULT_ITER;
145 pkcs12_config.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
146 pkcs12_config.maciter = PKCS12_DEFAULT_ITER;
147 pkcs12_config.macver = 1;
137 148
138 args = argv + 1; 149 args = argv + 1;
139 150
140 while (*args) { 151 while (*args) {
141 if (*args[0] == '-') { 152 if (*args[0] == '-') {
142 if (!strcmp(*args, "-nokeys")) 153 if (!strcmp(*args, "-nokeys"))
143 options |= NOKEYS; 154 pkcs12_config.options |= NOKEYS;
144 else if (!strcmp(*args, "-keyex")) 155 else if (!strcmp(*args, "-keyex"))
145 keytype = KEY_EX; 156 pkcs12_config.keytype = KEY_EX;
146 else if (!strcmp(*args, "-keysig")) 157 else if (!strcmp(*args, "-keysig"))
147 keytype = KEY_SIG; 158 pkcs12_config.keytype = KEY_SIG;
148 else if (!strcmp(*args, "-nocerts")) 159 else if (!strcmp(*args, "-nocerts"))
149 options |= NOCERTS; 160 pkcs12_config.options |= NOCERTS;
150 else if (!strcmp(*args, "-clcerts")) 161 else if (!strcmp(*args, "-clcerts"))
151 options |= CLCERTS; 162 pkcs12_config.options |= CLCERTS;
152 else if (!strcmp(*args, "-cacerts")) 163 else if (!strcmp(*args, "-cacerts"))
153 options |= CACERTS; 164 pkcs12_config.options |= CACERTS;
154 else if (!strcmp(*args, "-noout")) 165 else if (!strcmp(*args, "-noout"))
155 options |= (NOKEYS | NOCERTS); 166 pkcs12_config.options |= (NOKEYS | NOCERTS);
156 else if (!strcmp(*args, "-info")) 167 else if (!strcmp(*args, "-info"))
157 options |= INFO; 168 pkcs12_config.options |= INFO;
158 else if (!strcmp(*args, "-chain")) 169 else if (!strcmp(*args, "-chain"))
159 chain = 1; 170 pkcs12_config.chain = 1;
160 else if (!strcmp(*args, "-twopass")) 171 else if (!strcmp(*args, "-twopass"))
161 twopass = 1; 172 pkcs12_config.twopass = 1;
162 else if (!strcmp(*args, "-nomacver")) 173 else if (!strcmp(*args, "-nomacver"))
163 macver = 0; 174 pkcs12_config.macver = 0;
164 else if (!strcmp(*args, "-descert")) 175 else if (!strcmp(*args, "-descert"))
165 cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; 176 pkcs12_config.cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
166 else if (!strcmp(*args, "-export")) 177 else if (!strcmp(*args, "-export"))
167 export_cert = 1; 178 pkcs12_config.export_cert = 1;
168 else if (!strcmp(*args, "-des")) 179 else if (!strcmp(*args, "-des"))
169 enc = EVP_des_cbc(); 180 pkcs12_config.enc = EVP_des_cbc();
170 else if (!strcmp(*args, "-des3")) 181 else if (!strcmp(*args, "-des3"))
171 enc = EVP_des_ede3_cbc(); 182 pkcs12_config.enc = EVP_des_ede3_cbc();
172#ifndef OPENSSL_NO_IDEA 183#ifndef OPENSSL_NO_IDEA
173 else if (!strcmp(*args, "-idea")) 184 else if (!strcmp(*args, "-idea"))
174 enc = EVP_idea_cbc(); 185 pkcs12_config.enc = EVP_idea_cbc();
175#endif 186#endif
176#ifndef OPENSSL_NO_AES 187#ifndef OPENSSL_NO_AES
177 else if (!strcmp(*args, "-aes128")) 188 else if (!strcmp(*args, "-aes128"))
178 enc = EVP_aes_128_cbc(); 189 pkcs12_config.enc = EVP_aes_128_cbc();
179 else if (!strcmp(*args, "-aes192")) 190 else if (!strcmp(*args, "-aes192"))
180 enc = EVP_aes_192_cbc(); 191 pkcs12_config.enc = EVP_aes_192_cbc();
181 else if (!strcmp(*args, "-aes256")) 192 else if (!strcmp(*args, "-aes256"))
182 enc = EVP_aes_256_cbc(); 193 pkcs12_config.enc = EVP_aes_256_cbc();
183#endif 194#endif
184#ifndef OPENSSL_NO_CAMELLIA 195#ifndef OPENSSL_NO_CAMELLIA
185 else if (!strcmp(*args, "-camellia128")) 196 else if (!strcmp(*args, "-camellia128"))
186 enc = EVP_camellia_128_cbc(); 197 pkcs12_config.enc = EVP_camellia_128_cbc();
187 else if (!strcmp(*args, "-camellia192")) 198 else if (!strcmp(*args, "-camellia192"))
188 enc = EVP_camellia_192_cbc(); 199 pkcs12_config.enc = EVP_camellia_192_cbc();
189 else if (!strcmp(*args, "-camellia256")) 200 else if (!strcmp(*args, "-camellia256"))
190 enc = EVP_camellia_256_cbc(); 201 pkcs12_config.enc = EVP_camellia_256_cbc();
191#endif 202#endif
192 else if (!strcmp(*args, "-noiter")) 203 else if (!strcmp(*args, "-noiter"))
193 iter = 1; 204 pkcs12_config.iter = 1;
194 else if (!strcmp(*args, "-maciter")) 205 else if (!strcmp(*args, "-maciter"))
195 maciter = PKCS12_DEFAULT_ITER; 206 pkcs12_config.maciter = PKCS12_DEFAULT_ITER;
196 else if (!strcmp(*args, "-nomaciter")) 207 else if (!strcmp(*args, "-nomaciter"))
197 maciter = 1; 208 pkcs12_config.maciter = 1;
198 else if (!strcmp(*args, "-nomac")) 209 else if (!strcmp(*args, "-nomac"))
199 maciter = -1; 210 pkcs12_config.maciter = -1;
200 else if (!strcmp(*args, "-macalg")) 211 else if (!strcmp(*args, "-macalg"))
201 if (args[1]) { 212 if (args[1]) {
202 args++; 213 args++;
203 macalg = *args; 214 pkcs12_config.macalg = *args;
204 } else 215 } else
205 badarg = 1; 216 badarg = 1;
206 else if (!strcmp(*args, "-nodes")) 217 else if (!strcmp(*args, "-nodes"))
207 enc = NULL; 218 pkcs12_config.enc = NULL;
208 else if (!strcmp(*args, "-certpbe")) { 219 else if (!strcmp(*args, "-certpbe")) {
209 if (!set_pbe(bio_err, &cert_pbe, *++args)) 220 if (!set_pbe(bio_err, &pkcs12_config.cert_pbe, *++args))
210 badarg = 1; 221 badarg = 1;
211 } else if (!strcmp(*args, "-keypbe")) { 222 } else if (!strcmp(*args, "-keypbe")) {
212 if (!set_pbe(bio_err, &key_pbe, *++args)) 223 if (!set_pbe(bio_err, &pkcs12_config.key_pbe, *++args))
213 badarg = 1; 224 badarg = 1;
214 } else if (!strcmp(*args, "-inkey")) { 225 } else if (!strcmp(*args, "-inkey")) {
215 if (args[1]) { 226 if (args[1]) {
216 args++; 227 args++;
217 keyname = *args; 228 pkcs12_config.keyname = *args;
218 } else 229 } else
219 badarg = 1; 230 badarg = 1;
220 } else if (!strcmp(*args, "-certfile")) { 231 } else if (!strcmp(*args, "-certfile")) {
221 if (args[1]) { 232 if (args[1]) {
222 args++; 233 args++;
223 certfile = *args; 234 pkcs12_config.certfile = *args;
224 } else 235 } else
225 badarg = 1; 236 badarg = 1;
226 } else if (!strcmp(*args, "-name")) { 237 } else if (!strcmp(*args, "-name")) {
227 if (args[1]) { 238 if (args[1]) {
228 args++; 239 args++;
229 name = *args; 240 pkcs12_config.name = *args;
230 } else 241 } else
231 badarg = 1; 242 badarg = 1;
232 } else if (!strcmp(*args, "-LMK")) 243 } else if (!strcmp(*args, "-LMK"))
233 add_lmk = 1; 244 pkcs12_config.add_lmk = 1;
234 else if (!strcmp(*args, "-CSP")) { 245 else if (!strcmp(*args, "-CSP")) {
235 if (args[1]) { 246 if (args[1]) {
236 args++; 247 args++;
237 csp_name = *args; 248 pkcs12_config.csp_name = *args;
238 } else 249 } else
239 badarg = 1; 250 badarg = 1;
240 } else if (!strcmp(*args, "-caname")) { 251 } else if (!strcmp(*args, "-caname")) {
241 if (args[1]) { 252 if (args[1]) {
242 args++; 253 args++;
243 if (!canames) 254 if (!pkcs12_config.canames)
244 canames = sk_OPENSSL_STRING_new_null(); 255 pkcs12_config.canames = sk_OPENSSL_STRING_new_null();
245 sk_OPENSSL_STRING_push(canames, *args); 256 sk_OPENSSL_STRING_push(pkcs12_config.canames, *args);
246 } else 257 } else
247 badarg = 1; 258 badarg = 1;
248 } else if (!strcmp(*args, "-in")) { 259 } else if (!strcmp(*args, "-in")) {
249 if (args[1]) { 260 if (args[1]) {
250 args++; 261 args++;
251 infile = *args; 262 pkcs12_config.infile = *args;
252 } else 263 } else
253 badarg = 1; 264 badarg = 1;
254 } else if (!strcmp(*args, "-out")) { 265 } else if (!strcmp(*args, "-out")) {
255 if (args[1]) { 266 if (args[1]) {
256 args++; 267 args++;
257 outfile = *args; 268 pkcs12_config.outfile = *args;
258 } else 269 } else
259 badarg = 1; 270 badarg = 1;
260 } else if (!strcmp(*args, "-passin")) { 271 } else if (!strcmp(*args, "-passin")) {
261 if (args[1]) { 272 if (args[1]) {
262 args++; 273 args++;
263 passargin = *args; 274 pkcs12_config.passargin = *args;
264 } else 275 } else
265 badarg = 1; 276 badarg = 1;
266 } else if (!strcmp(*args, "-passout")) { 277 } else if (!strcmp(*args, "-passout")) {
267 if (args[1]) { 278 if (args[1]) {
268 args++; 279 args++;
269 passargout = *args; 280 pkcs12_config.passargout = *args;
270 } else 281 } else
271 badarg = 1; 282 badarg = 1;
272 } else if (!strcmp(*args, "-password")) { 283 } else if (!strcmp(*args, "-password")) {
273 if (args[1]) { 284 if (args[1]) {
274 args++; 285 args++;
275 passarg = *args; 286 pkcs12_config.passarg = *args;
276 noprompt = 1; 287 pkcs12_config.noprompt = 1;
277 } else 288 } else
278 badarg = 1; 289 badarg = 1;
279 } else if (!strcmp(*args, "-CApath")) { 290 } else if (!strcmp(*args, "-CApath")) {
280 if (args[1]) { 291 if (args[1]) {
281 args++; 292 args++;
282 CApath = *args; 293 pkcs12_config.CApath = *args;
283 } else 294 } else
284 badarg = 1; 295 badarg = 1;
285 } else if (!strcmp(*args, "-CAfile")) { 296 } else if (!strcmp(*args, "-CAfile")) {
286 if (args[1]) { 297 if (args[1]) {
287 args++; 298 args++;
288 CAfile = *args; 299 pkcs12_config.CAfile = *args;
289 } else 300 } else
290 badarg = 1; 301 badarg = 1;
291 } else 302 } else
@@ -349,58 +360,58 @@ pkcs12_main(int argc, char **argv)
349 goto end; 360 goto end;
350 } 361 }
351 362
352 if (passarg) { 363 if (pkcs12_config.passarg) {
353 if (export_cert) 364 if (pkcs12_config.export_cert)
354 passargout = passarg; 365 pkcs12_config.passargout = pkcs12_config.passarg;
355 else 366 else
356 passargin = passarg; 367 pkcs12_config.passargin = pkcs12_config.passarg;
357 } 368 }
358 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { 369 if (!app_passwd(bio_err, pkcs12_config.passargin, pkcs12_config.passargout, &passin, &passout)) {
359 BIO_printf(bio_err, "Error getting passwords\n"); 370 BIO_printf(bio_err, "Error getting passwords\n");
360 goto end; 371 goto end;
361 } 372 }
362 if (!cpass) { 373 if (!cpass) {
363 if (export_cert) 374 if (pkcs12_config.export_cert)
364 cpass = passout; 375 cpass = passout;
365 else 376 else
366 cpass = passin; 377 cpass = passin;
367 } 378 }
368 if (cpass) { 379 if (cpass) {
369 mpass = cpass; 380 mpass = cpass;
370 noprompt = 1; 381 pkcs12_config.noprompt = 1;
371 } else { 382 } else {
372 cpass = pass; 383 cpass = pass;
373 mpass = macpass; 384 mpass = macpass;
374 } 385 }
375 386
376 if (!infile) 387 if (!pkcs12_config.infile)
377 in = BIO_new_fp(stdin, BIO_NOCLOSE); 388 in = BIO_new_fp(stdin, BIO_NOCLOSE);
378 else 389 else
379 in = BIO_new_file(infile, "rb"); 390 in = BIO_new_file(pkcs12_config.infile, "rb");
380 if (!in) { 391 if (!in) {
381 BIO_printf(bio_err, "Error opening input file %s\n", 392 BIO_printf(bio_err, "Error opening input file %s\n",
382 infile ? infile : "<stdin>"); 393 pkcs12_config.infile ? pkcs12_config.infile : "<stdin>");
383 perror(infile); 394 perror(pkcs12_config.infile);
384 goto end; 395 goto end;
385 } 396 }
386 397
387 if (!outfile) { 398 if (!pkcs12_config.outfile) {
388 out = BIO_new_fp(stdout, BIO_NOCLOSE); 399 out = BIO_new_fp(stdout, BIO_NOCLOSE);
389 } else 400 } else
390 out = BIO_new_file(outfile, "wb"); 401 out = BIO_new_file(pkcs12_config.outfile, "wb");
391 if (!out) { 402 if (!out) {
392 BIO_printf(bio_err, "Error opening output file %s\n", 403 BIO_printf(bio_err, "Error opening output file %s\n",
393 outfile ? outfile : "<stdout>"); 404 pkcs12_config.outfile ? pkcs12_config.outfile : "<stdout>");
394 perror(outfile); 405 perror(pkcs12_config.outfile);
395 goto end; 406 goto end;
396 } 407 }
397 if (twopass) { 408 if (pkcs12_config.twopass) {
398 if (EVP_read_pw_string(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { 409 if (EVP_read_pw_string(macpass, sizeof macpass, "Enter MAC Password:", pkcs12_config.export_cert)) {
399 BIO_printf(bio_err, "Can't read Password\n"); 410 BIO_printf(bio_err, "Can't read Password\n");
400 goto end; 411 goto end;
401 } 412 }
402 } 413 }
403 if (export_cert) { 414 if (pkcs12_config.export_cert) {
404 EVP_PKEY *key = NULL; 415 EVP_PKEY *key = NULL;
405 X509 *ucert = NULL, *x = NULL; 416 X509 *ucert = NULL, *x = NULL;
406 STACK_OF(X509) * certs = NULL; 417 STACK_OF(X509) * certs = NULL;
@@ -408,23 +419,23 @@ pkcs12_main(int argc, char **argv)
408 unsigned char *catmp = NULL; 419 unsigned char *catmp = NULL;
409 int i; 420 int i;
410 421
411 if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) { 422 if ((pkcs12_config.options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
412 BIO_printf(bio_err, "Nothing to do!\n"); 423 BIO_printf(bio_err, "Nothing to do!\n");
413 goto export_end; 424 goto export_end;
414 } 425 }
415 if (options & NOCERTS) 426 if (pkcs12_config.options & NOCERTS)
416 chain = 0; 427 pkcs12_config.chain = 0;
417 428
418 if (!(options & NOKEYS)) { 429 if (!(pkcs12_config.options & NOKEYS)) {
419 key = load_key(bio_err, keyname ? keyname : infile, 430 key = load_key(bio_err, pkcs12_config.keyname ? pkcs12_config.keyname : pkcs12_config.infile,
420 FORMAT_PEM, 1, passin, "private key"); 431 FORMAT_PEM, 1, passin, "private key");
421 if (!key) 432 if (!key)
422 goto export_end; 433 goto export_end;
423 } 434 }
424 435
425 /* Load in all certs in input file */ 436 /* Load in all certs in input file */
426 if (!(options & NOCERTS)) { 437 if (!(pkcs12_config.options & NOCERTS)) {
427 certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, 438 certs = load_certs(bio_err, pkcs12_config.infile, FORMAT_PEM, NULL,
428 "certificates"); 439 "certificates");
429 if (!certs) 440 if (!certs)
430 goto export_end; 441 goto export_end;
@@ -451,9 +462,9 @@ pkcs12_main(int argc, char **argv)
451 } 462 }
452 463
453 /* Add any more certificates asked for */ 464 /* Add any more certificates asked for */
454 if (certfile) { 465 if (pkcs12_config.certfile) {
455 STACK_OF(X509) * morecerts = NULL; 466 STACK_OF(X509) * morecerts = NULL;
456 if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, 467 if (!(morecerts = load_certs(bio_err, pkcs12_config.certfile, FORMAT_PEM,
457 NULL, "certificates from certfile"))) 468 NULL, "certificates from certfile")))
458 goto export_end; 469 goto export_end;
459 while (sk_X509_num(morecerts) > 0) 470 while (sk_X509_num(morecerts) > 0)
@@ -463,7 +474,7 @@ pkcs12_main(int argc, char **argv)
463 474
464 475
465 /* If chaining get chain from user cert */ 476 /* If chaining get chain from user cert */
466 if (chain) { 477 if (pkcs12_config.chain) {
467 int vret; 478 int vret;
468 STACK_OF(X509) * chain2; 479 STACK_OF(X509) * chain2;
469 X509_STORE *store = X509_STORE_new(); 480 X509_STORE *store = X509_STORE_new();
@@ -471,7 +482,7 @@ pkcs12_main(int argc, char **argv)
471 BIO_printf(bio_err, "Memory allocation error\n"); 482 BIO_printf(bio_err, "Memory allocation error\n");
472 goto export_end; 483 goto export_end;
473 } 484 }
474 if (!X509_STORE_load_locations(store, CAfile, CApath)) 485 if (!X509_STORE_load_locations(store, pkcs12_config.CAfile, pkcs12_config.CApath))
475 X509_STORE_set_default_paths(store); 486 X509_STORE_set_default_paths(store);
476 487
477 vret = get_cert_chain(ucert, store, &chain2); 488 vret = get_cert_chain(ucert, store, &chain2);
@@ -495,44 +506,44 @@ pkcs12_main(int argc, char **argv)
495 } 506 }
496 /* Add any CA names */ 507 /* Add any CA names */
497 508
498 for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) { 509 for (i = 0; i < sk_OPENSSL_STRING_num(pkcs12_config.canames); i++) {
499 catmp = (unsigned char *) sk_OPENSSL_STRING_value(canames, i); 510 catmp = (unsigned char *) sk_OPENSSL_STRING_value(pkcs12_config.canames, i);
500 X509_alias_set1(sk_X509_value(certs, i), catmp, -1); 511 X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
501 } 512 }
502 513
503 if (csp_name && key) 514 if (pkcs12_config.csp_name && key)
504 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, 515 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
505 MBSTRING_ASC, (unsigned char *) csp_name, -1); 516 MBSTRING_ASC, (unsigned char *) pkcs12_config.csp_name, -1);
506 517
507 if (add_lmk && key) 518 if (pkcs12_config.add_lmk && key)
508 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); 519 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
509 520
510 521
511 if (!noprompt && 522 if (!pkcs12_config.noprompt &&
512 EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) { 523 EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) {
513 BIO_printf(bio_err, "Can't read Password\n"); 524 BIO_printf(bio_err, "Can't read Password\n");
514 goto export_end; 525 goto export_end;
515 } 526 }
516 if (!twopass) 527 if (!pkcs12_config.twopass)
517 strlcpy(macpass, pass, sizeof macpass); 528 strlcpy(macpass, pass, sizeof macpass);
518 529
519 530
520 p12 = PKCS12_create(cpass, name, key, ucert, certs, 531 p12 = PKCS12_create(cpass, pkcs12_config.name, key, ucert, certs,
521 key_pbe, cert_pbe, iter, -1, keytype); 532 pkcs12_config.key_pbe, pkcs12_config.cert_pbe, pkcs12_config.iter, -1, pkcs12_config.keytype);
522 533
523 if (!p12) { 534 if (!p12) {
524 ERR_print_errors(bio_err); 535 ERR_print_errors(bio_err);
525 goto export_end; 536 goto export_end;
526 } 537 }
527 if (macalg) { 538 if (pkcs12_config.macalg) {
528 macmd = EVP_get_digestbyname(macalg); 539 macmd = EVP_get_digestbyname(pkcs12_config.macalg);
529 if (!macmd) { 540 if (!macmd) {
530 BIO_printf(bio_err, "Unknown digest algorithm %s\n", 541 BIO_printf(bio_err, "Unknown digest algorithm %s\n",
531 macalg); 542 pkcs12_config.macalg);
532 } 543 }
533 } 544 }
534 if (maciter != -1) 545 if (pkcs12_config.maciter != -1)
535 PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd); 546 PKCS12_set_mac(p12, mpass, -1, NULL, 0, pkcs12_config.maciter, macmd);
536 547
537 548
538 i2d_PKCS12_bio(out, p12); 549 i2d_PKCS12_bio(out, p12);
@@ -555,21 +566,21 @@ export_end:
555 ERR_print_errors(bio_err); 566 ERR_print_errors(bio_err);
556 goto end; 567 goto end;
557 } 568 }
558 if (!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { 569 if (!pkcs12_config.noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
559 BIO_printf(bio_err, "Can't read Password\n"); 570 BIO_printf(bio_err, "Can't read Password\n");
560 goto end; 571 goto end;
561 } 572 }
562 573
563 if (!twopass) 574 if (!pkcs12_config.twopass)
564 strlcpy(macpass, pass, sizeof macpass); 575 strlcpy(macpass, pass, sizeof macpass);
565 576
566 if ((options & INFO) && p12->mac) 577 if ((pkcs12_config.options & INFO) && p12->mac)
567 BIO_printf(bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1); 578 BIO_printf(bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1);
568 if (macver) { 579 if (pkcs12_config.macver) {
569 /* If we enter empty password try no password first */ 580 /* If we enter empty password try no password first */
570 if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { 581 if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
571 /* If mac and crypto pass the same set it to NULL too */ 582 /* If mac and crypto pass the same set it to NULL too */
572 if (!twopass) 583 if (!pkcs12_config.twopass)
573 cpass = NULL; 584 cpass = NULL;
574 } else if (!PKCS12_verify_mac(p12, mpass, -1)) { 585 } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
575 BIO_printf(bio_err, "Mac verify error: invalid password?\n"); 586 BIO_printf(bio_err, "Mac verify error: invalid password?\n");
@@ -578,7 +589,7 @@ export_end:
578 } 589 }
579 BIO_printf(bio_err, "MAC verified OK\n"); 590 BIO_printf(bio_err, "MAC verified OK\n");
580 } 591 }
581 if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout)) { 592 if (!dump_certs_keys_p12(out, p12, cpass, -1, pkcs12_config.options, passout)) {
582 BIO_printf(bio_err, "Error outputting keys and certificates\n"); 593 BIO_printf(bio_err, "Error outputting keys and certificates\n");
583 ERR_print_errors(bio_err); 594 ERR_print_errors(bio_err);
584 goto end; 595 goto end;
@@ -589,8 +600,8 @@ export_end:
589 PKCS12_free(p12); 600 PKCS12_free(p12);
590 BIO_free(in); 601 BIO_free(in);
591 BIO_free_all(out); 602 BIO_free_all(out);
592 if (canames) 603 if (pkcs12_config.canames)
593 sk_OPENSSL_STRING_free(canames); 604 sk_OPENSSL_STRING_free(pkcs12_config.canames);
594 free(passin); 605 free(passin);
595 free(passout); 606 free(passout);
596 607
@@ -678,7 +689,7 @@ dump_certs_pkeys_bag(BIO * out, PKCS12_SAFEBAG * bag, char *pass,
678 if (!(pkey = EVP_PKCS82PKEY(p8))) 689 if (!(pkey = EVP_PKCS82PKEY(p8)))
679 return 0; 690 return 0;
680 print_attribs(out, p8->attributes, "Key Attributes"); 691 print_attribs(out, p8->attributes, "Key Attributes");
681 PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); 692 PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, NULL, pempass);
682 EVP_PKEY_free(pkey); 693 EVP_PKEY_free(pkey);
683 break; 694 break;
684 695
@@ -698,7 +709,7 @@ dump_certs_pkeys_bag(BIO * out, PKCS12_SAFEBAG * bag, char *pass,
698 } 709 }
699 print_attribs(out, p8->attributes, "Key Attributes"); 710 print_attribs(out, p8->attributes, "Key Attributes");
700 PKCS8_PRIV_KEY_INFO_free(p8); 711 PKCS8_PRIV_KEY_INFO_free(p8);
701 PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); 712 PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, NULL, pempass);
702 EVP_PKEY_free(pkey); 713 EVP_PKEY_free(pkey);
703 break; 714 break;
704 715
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-02 16:36:40 +0000