Diffstat (limited to 'src/usr.bin/openssl/pkcs12.c')
-rw-r--r--src/usr.bin/openssl/pkcs12.c204
1 files changed, 102 insertions, 102 deletions
diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c
index 6e671e9275..aedae640e3 100644
--- a/src/usr.bin/openssl/pkcs12.c
+++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs12.c,v 1.24 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: pkcs12.c,v 1.25 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -118,16 +118,16 @@ static struct {
118 char *passargin; 118 char *passargin;
119 char *passargout; 119 char *passargout;
120 int twopass; 120 int twopass;
121} pkcs12_config; 121} cfg;
122 122
123static int 123static int
124pkcs12_opt_canames(char *arg) 124pkcs12_opt_canames(char *arg)
125{ 125{
126 if (pkcs12_config.canames == NULL && 126 if (cfg.canames == NULL &&
127 (pkcs12_config.canames = sk_OPENSSL_STRING_new_null()) == NULL) 127 (cfg.canames = sk_OPENSSL_STRING_new_null()) == NULL)
128 return (1); 128 return (1);
129 129
130 if (!sk_OPENSSL_STRING_push(pkcs12_config.canames, arg)) 130 if (!sk_OPENSSL_STRING_push(cfg.canames, arg))
131 return (1); 131 return (1);
132 132
133 return (0); 133 return (0);
@@ -136,20 +136,20 @@ pkcs12_opt_canames(char *arg)
136static int 136static int
137pkcs12_opt_cert_pbe(char *arg) 137pkcs12_opt_cert_pbe(char *arg)
138{ 138{
139 return (!set_pbe(bio_err, &pkcs12_config.cert_pbe, arg)); 139 return (!set_pbe(bio_err, &cfg.cert_pbe, arg));
140} 140}
141 141
142static int 142static int
143pkcs12_opt_key_pbe(char *arg) 143pkcs12_opt_key_pbe(char *arg)
144{ 144{
145 return (!set_pbe(bio_err, &pkcs12_config.key_pbe, arg)); 145 return (!set_pbe(bio_err, &cfg.key_pbe, arg));
146} 146}
147 147
148static int 148static int
149pkcs12_opt_passarg(char *arg) 149pkcs12_opt_passarg(char *arg)
150{ 150{
151 pkcs12_config.passarg = arg; 151 cfg.passarg = arg;
152 pkcs12_config.noprompt = 1; 152 cfg.noprompt = 1;
153 return (0); 153 return (0);
154} 154}
155 155
@@ -196,8 +196,8 @@ pkcs12_opt_enc(int argc, char **argv, int *argsused)
196 return (1); 196 return (1);
197 197
198 if (strcmp(name, "nodes") == 0) 198 if (strcmp(name, "nodes") == 0)
199 pkcs12_config.enc = NULL; 199 cfg.enc = NULL;
200 else if ((pkcs12_config.enc = get_cipher_by_name(name)) == NULL) 200 else if ((cfg.enc = get_cipher_by_name(name)) == NULL)
201 return (1); 201 return (1);
202 202
203 *argsused = 1; 203 *argsused = 1;
@@ -269,7 +269,7 @@ static const struct option pkcs12_options[] = {
269 .name = "cacerts", 269 .name = "cacerts",
270 .desc = "Only output CA certificates", 270 .desc = "Only output CA certificates",
271 .type = OPTION_VALUE_OR, 271 .type = OPTION_VALUE_OR,
272 .opt.value = &pkcs12_config.options, 272 .opt.value = &cfg.options,
273 .value = CACERTS, 273 .value = CACERTS,
274 }, 274 },
275 { 275 {
@@ -277,7 +277,7 @@ static const struct option pkcs12_options[] = {
277 .argname = "file", 277 .argname = "file",
278 .desc = "PEM format file of CA certificates", 278 .desc = "PEM format file of CA certificates",
279 .type = OPTION_ARG, 279 .type = OPTION_ARG,
280 .opt.arg = &pkcs12_config.CAfile, 280 .opt.arg = &cfg.CAfile,
281 }, 281 },
282 { 282 {
283 .name = "caname", 283 .name = "caname",
@@ -291,14 +291,14 @@ static const struct option pkcs12_options[] = {
291 .argname = "directory", 291 .argname = "directory",
292 .desc = "PEM format directory of CA certificates", 292 .desc = "PEM format directory of CA certificates",
293 .type = OPTION_ARG, 293 .type = OPTION_ARG,
294 .opt.arg = &pkcs12_config.CApath, 294 .opt.arg = &cfg.CApath,
295 }, 295 },
296 { 296 {
297 .name = "certfile", 297 .name = "certfile",
298 .argname = "file", 298 .argname = "file",
299 .desc = "Add all certs in file", 299 .desc = "Add all certs in file",
300 .type = OPTION_ARG, 300 .type = OPTION_ARG,
301 .opt.arg = &pkcs12_config.certfile, 301 .opt.arg = &cfg.certfile,
302 }, 302 },
303 { 303 {
304 .name = "certpbe", 304 .name = "certpbe",
@@ -311,13 +311,13 @@ static const struct option pkcs12_options[] = {
311 .name = "chain", 311 .name = "chain",
312 .desc = "Add certificate chain", 312 .desc = "Add certificate chain",
313 .type = OPTION_FLAG, 313 .type = OPTION_FLAG,
314 .opt.flag = &pkcs12_config.chain, 314 .opt.flag = &cfg.chain,
315 }, 315 },
316 { 316 {
317 .name = "clcerts", 317 .name = "clcerts",
318 .desc = "Only output client certificates", 318 .desc = "Only output client certificates",
319 .type = OPTION_VALUE_OR, 319 .type = OPTION_VALUE_OR,
320 .opt.value = &pkcs12_config.options, 320 .opt.value = &cfg.options,
321 .value = CLCERTS, 321 .value = CLCERTS,
322 }, 322 },
323 { 323 {
@@ -325,33 +325,33 @@ static const struct option pkcs12_options[] = {
325 .argname = "name", 325 .argname = "name",
326 .desc = "Microsoft CSP name", 326 .desc = "Microsoft CSP name",
327 .type = OPTION_ARG, 327 .type = OPTION_ARG,
328 .opt.arg = &pkcs12_config.csp_name, 328 .opt.arg = &cfg.csp_name,
329 }, 329 },
330 { 330 {
331 .name = "descert", 331 .name = "descert",
332 .desc = "Encrypt PKCS#12 certificates with triple DES (default RC2-40)", 332 .desc = "Encrypt PKCS#12 certificates with triple DES (default RC2-40)",
333 .type = OPTION_VALUE, 333 .type = OPTION_VALUE,
334 .opt.value = &pkcs12_config.cert_pbe, 334 .opt.value = &cfg.cert_pbe,
335 .value = NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 335 .value = NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
336 }, 336 },
337 { 337 {
338 .name = "export", 338 .name = "export",
339 .desc = "Output PKCS#12 file", 339 .desc = "Output PKCS#12 file",
340 .type = OPTION_FLAG, 340 .type = OPTION_FLAG,
341 .opt.flag = &pkcs12_config.export_cert, 341 .opt.flag = &cfg.export_cert,
342 }, 342 },
343 { 343 {
344 .name = "in", 344 .name = "in",
345 .argname = "file", 345 .argname = "file",
346 .desc = "Input filename", 346 .desc = "Input filename",
347 .type = OPTION_ARG, 347 .type = OPTION_ARG,
348 .opt.arg = &pkcs12_config.infile, 348 .opt.arg = &cfg.infile,
349 }, 349 },
350 { 350 {
351 .name = "info", 351 .name = "info",
352 .desc = "Give info about PKCS#12 structure", 352 .desc = "Give info about PKCS#12 structure",
353 .type = OPTION_VALUE_OR, 353 .type = OPTION_VALUE_OR,
354 .opt.value = &pkcs12_config.options, 354 .opt.value = &cfg.options,
355 .value = INFO, 355 .value = INFO,
356 }, 356 },
357 { 357 {
@@ -359,13 +359,13 @@ static const struct option pkcs12_options[] = {
359 .argname = "file", 359 .argname = "file",
360 .desc = "Private key if not infile", 360 .desc = "Private key if not infile",
361 .type = OPTION_ARG, 361 .type = OPTION_ARG,
362 .opt.arg = &pkcs12_config.keyname, 362 .opt.arg = &cfg.keyname,
363 }, 363 },
364 { 364 {
365 .name = "keyex", 365 .name = "keyex",
366 .desc = "Set MS key exchange type", 366 .desc = "Set MS key exchange type",
367 .type = OPTION_VALUE, 367 .type = OPTION_VALUE,
368 .opt.value = &pkcs12_config.keytype, 368 .opt.value = &cfg.keytype,
369 .value = KEY_EX, 369 .value = KEY_EX,
370 }, 370 },
371 { 371 {
@@ -379,27 +379,27 @@ static const struct option pkcs12_options[] = {
379 .name = "keysig", 379 .name = "keysig",
380 .desc = "Set MS key signature type", 380 .desc = "Set MS key signature type",
381 .type = OPTION_VALUE, 381 .type = OPTION_VALUE,
382 .opt.value = &pkcs12_config.keytype, 382 .opt.value = &cfg.keytype,
383 .value = KEY_SIG, 383 .value = KEY_SIG,
384 }, 384 },
385 { 385 {
386 .name = "LMK", 386 .name = "LMK",
387 .desc = "Add local machine keyset attribute to private key", 387 .desc = "Add local machine keyset attribute to private key",
388 .type = OPTION_FLAG, 388 .type = OPTION_FLAG,
389 .opt.flag = &pkcs12_config.add_lmk, 389 .opt.flag = &cfg.add_lmk,
390 }, 390 },
391 { 391 {
392 .name = "macalg", 392 .name = "macalg",
393 .argname = "alg", 393 .argname = "alg",
394 .desc = "Digest algorithm used in MAC (default SHA1)", 394 .desc = "Digest algorithm used in MAC (default SHA1)",
395 .type = OPTION_ARG, 395 .type = OPTION_ARG,
396 .opt.arg = &pkcs12_config.macalg, 396 .opt.arg = &cfg.macalg,
397 }, 397 },
398 { 398 {
399 .name = "maciter", 399 .name = "maciter",
400 .desc = "Use MAC iteration", 400 .desc = "Use MAC iteration",
401 .type = OPTION_VALUE, 401 .type = OPTION_VALUE,
402 .opt.value = &pkcs12_config.maciter, 402 .opt.value = &cfg.maciter,
403 .value = PKCS12_DEFAULT_ITER, 403 .value = PKCS12_DEFAULT_ITER,
404 }, 404 },
405 { 405 {
@@ -407,13 +407,13 @@ static const struct option pkcs12_options[] = {
407 .argname = "name", 407 .argname = "name",
408 .desc = "Use name as friendly name", 408 .desc = "Use name as friendly name",
409 .type = OPTION_ARG, 409 .type = OPTION_ARG,
410 .opt.arg = &pkcs12_config.name, 410 .opt.arg = &cfg.name,
411 }, 411 },
412 { 412 {
413 .name = "nocerts", 413 .name = "nocerts",
414 .desc = "Don't output certificates", 414 .desc = "Don't output certificates",
415 .type = OPTION_VALUE_OR, 415 .type = OPTION_VALUE_OR,
416 .opt.value = &pkcs12_config.options, 416 .opt.value = &cfg.options,
417 .value = NOCERTS, 417 .value = NOCERTS,
418 }, 418 },
419 { 419 {
@@ -426,42 +426,42 @@ static const struct option pkcs12_options[] = {
426 .name = "noiter", 426 .name = "noiter",
427 .desc = "Don't use encryption iteration", 427 .desc = "Don't use encryption iteration",
428 .type = OPTION_VALUE, 428 .type = OPTION_VALUE,
429 .opt.value = &pkcs12_config.iter, 429 .opt.value = &cfg.iter,
430 .value = 1, 430 .value = 1,
431 }, 431 },
432 { 432 {
433 .name = "nokeys", 433 .name = "nokeys",
434 .desc = "Don't output private keys", 434 .desc = "Don't output private keys",
435 .type = OPTION_VALUE_OR, 435 .type = OPTION_VALUE_OR,
436 .opt.value = &pkcs12_config.options, 436 .opt.value = &cfg.options,
437 .value = NOKEYS, 437 .value = NOKEYS,
438 }, 438 },
439 { 439 {
440 .name = "nomac", 440 .name = "nomac",
441 .desc = "Don't generate MAC", 441 .desc = "Don't generate MAC",
442 .type = OPTION_VALUE, 442 .type = OPTION_VALUE,
443 .opt.value = &pkcs12_config.maciter, 443 .opt.value = &cfg.maciter,
444 .value = -1, 444 .value = -1,
445 }, 445 },
446 { 446 {
447 .name = "nomaciter", 447 .name = "nomaciter",
448 .desc = "Don't use MAC iteration", 448 .desc = "Don't use MAC iteration",
449 .type = OPTION_VALUE, 449 .type = OPTION_VALUE,
450 .opt.value = &pkcs12_config.maciter, 450 .opt.value = &cfg.maciter,
451 .value = 1, 451 .value = 1,
452 }, 452 },
453 { 453 {
454 .name = "nomacver", 454 .name = "nomacver",
455 .desc = "Don't verify MAC", 455 .desc = "Don't verify MAC",
456 .type = OPTION_VALUE, 456 .type = OPTION_VALUE,
457 .opt.value = &pkcs12_config.macver, 457 .opt.value = &cfg.macver,
458 .value = 0, 458 .value = 0,
459 }, 459 },
460 { 460 {
461 .name = "noout", 461 .name = "noout",
462 .desc = "Don't output anything, just verify", 462 .desc = "Don't output anything, just verify",
463 .type = OPTION_VALUE_OR, 463 .type = OPTION_VALUE_OR,
464 .opt.value = &pkcs12_config.options, 464 .opt.value = &cfg.options,
465 .value = (NOKEYS | NOCERTS), 465 .value = (NOKEYS | NOCERTS),
466 }, 466 },
467 { 467 {
@@ -469,21 +469,21 @@ static const struct option pkcs12_options[] = {
469 .argname = "file", 469 .argname = "file",
470 .desc = "Output filename", 470 .desc = "Output filename",
471 .type = OPTION_ARG, 471 .type = OPTION_ARG,
472 .opt.arg = &pkcs12_config.outfile, 472 .opt.arg = &cfg.outfile,
473 }, 473 },
474 { 474 {
475 .name = "passin", 475 .name = "passin",
476 .argname = "arg", 476 .argname = "arg",
477 .desc = "Input file passphrase source", 477 .desc = "Input file passphrase source",
478 .type = OPTION_ARG, 478 .type = OPTION_ARG,
479 .opt.arg = &pkcs12_config.passargin, 479 .opt.arg = &cfg.passargin,
480 }, 480 },
481 { 481 {
482 .name = "passout", 482 .name = "passout",
483 .argname = "arg", 483 .argname = "arg",
484 .desc = "Output file passphrase source", 484 .desc = "Output file passphrase source",
485 .type = OPTION_ARG, 485 .type = OPTION_ARG,
486 .opt.arg = &pkcs12_config.passargout, 486 .opt.arg = &cfg.passargout,
487 }, 487 },
488 { 488 {
489 .name = "password", 489 .name = "password",
@@ -496,7 +496,7 @@ static const struct option pkcs12_options[] = {
496 .name = "twopass", 496 .name = "twopass",
497 .desc = "Separate MAC, encryption passwords", 497 .desc = "Separate MAC, encryption passwords",
498 .type = OPTION_FLAG, 498 .type = OPTION_FLAG,
499 .opt.flag = &pkcs12_config.twopass, 499 .opt.flag = &cfg.twopass,
500 }, 500 },
501 { NULL }, 501 { NULL },
502}; 502};
@@ -541,73 +541,73 @@ pkcs12_main(int argc, char **argv)
541 exit(1); 541 exit(1);
542 } 542 }
543 543
544 memset(&pkcs12_config, 0, sizeof(pkcs12_config)); 544 memset(&cfg, 0, sizeof(cfg));
545 pkcs12_config.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; 545 cfg.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
546 pkcs12_config.enc = EVP_des_ede3_cbc(); 546 cfg.enc = EVP_des_ede3_cbc();
547 pkcs12_config.iter = PKCS12_DEFAULT_ITER; 547 cfg.iter = PKCS12_DEFAULT_ITER;
548 pkcs12_config.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; 548 cfg.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
549 pkcs12_config.maciter = PKCS12_DEFAULT_ITER; 549 cfg.maciter = PKCS12_DEFAULT_ITER;
550 pkcs12_config.macver = 1; 550 cfg.macver = 1;
551 551
552 if (options_parse(argc, argv, pkcs12_options, NULL, NULL) != 0) { 552 if (options_parse(argc, argv, pkcs12_options, NULL, NULL) != 0) {
553 pkcs12_usage(); 553 pkcs12_usage();
554 goto end; 554 goto end;
555 } 555 }
556 556
557 if (pkcs12_config.passarg != NULL) { 557 if (cfg.passarg != NULL) {
558 if (pkcs12_config.export_cert) 558 if (cfg.export_cert)
559 pkcs12_config.passargout = pkcs12_config.passarg; 559 cfg.passargout = cfg.passarg;
560 else 560 else
561 pkcs12_config.passargin = pkcs12_config.passarg; 561 cfg.passargin = cfg.passarg;
562 } 562 }
563 if (!app_passwd(bio_err, pkcs12_config.passargin, 563 if (!app_passwd(bio_err, cfg.passargin,
564 pkcs12_config.passargout, &passin, &passout)) { 564 cfg.passargout, &passin, &passout)) {
565 BIO_printf(bio_err, "Error getting passwords\n"); 565 BIO_printf(bio_err, "Error getting passwords\n");
566 goto end; 566 goto end;
567 } 567 }
568 if (cpass == NULL) { 568 if (cpass == NULL) {
569 if (pkcs12_config.export_cert) 569 if (cfg.export_cert)
570 cpass = passout; 570 cpass = passout;
571 else 571 else
572 cpass = passin; 572 cpass = passin;
573 } 573 }
574 if (cpass != NULL) { 574 if (cpass != NULL) {
575 mpass = cpass; 575 mpass = cpass;
576 pkcs12_config.noprompt = 1; 576 cfg.noprompt = 1;
577 } else { 577 } else {
578 cpass = pass; 578 cpass = pass;
579 mpass = macpass; 579 mpass = macpass;
580 } 580 }
581 581
582 if (pkcs12_config.infile == NULL) 582 if (cfg.infile == NULL)
583 in = BIO_new_fp(stdin, BIO_NOCLOSE); 583 in = BIO_new_fp(stdin, BIO_NOCLOSE);
584 else 584 else
585 in = BIO_new_file(pkcs12_config.infile, "rb"); 585 in = BIO_new_file(cfg.infile, "rb");
586 if (in == NULL) { 586 if (in == NULL) {
587 BIO_printf(bio_err, "Error opening input file %s\n", 587 BIO_printf(bio_err, "Error opening input file %s\n",
588 pkcs12_config.infile ? pkcs12_config.infile : "<stdin>"); 588 cfg.infile ? cfg.infile : "<stdin>");
589 perror(pkcs12_config.infile); 589 perror(cfg.infile);
590 goto end; 590 goto end;
591 } 591 }
592 592
593 if (pkcs12_config.outfile == NULL) { 593 if (cfg.outfile == NULL) {
594 out = BIO_new_fp(stdout, BIO_NOCLOSE); 594 out = BIO_new_fp(stdout, BIO_NOCLOSE);
595 } else 595 } else
596 out = BIO_new_file(pkcs12_config.outfile, "wb"); 596 out = BIO_new_file(cfg.outfile, "wb");
597 if (out == NULL) { 597 if (out == NULL) {
598 BIO_printf(bio_err, "Error opening output file %s\n", 598 BIO_printf(bio_err, "Error opening output file %s\n",
599 pkcs12_config.outfile ? pkcs12_config.outfile : "<stdout>"); 599 cfg.outfile ? cfg.outfile : "<stdout>");
600 perror(pkcs12_config.outfile); 600 perror(cfg.outfile);
601 goto end; 601 goto end;
602 } 602 }
603 if (pkcs12_config.twopass) { 603 if (cfg.twopass) {
604 if (EVP_read_pw_string(macpass, sizeof macpass, 604 if (EVP_read_pw_string(macpass, sizeof macpass,
605 "Enter MAC Password:", pkcs12_config.export_cert)) { 605 "Enter MAC Password:", cfg.export_cert)) {
606 BIO_printf(bio_err, "Can't read Password\n"); 606 BIO_printf(bio_err, "Can't read Password\n");
607 goto end; 607 goto end;
608 } 608 }
609 } 609 }
610 if (pkcs12_config.export_cert) { 610 if (cfg.export_cert) {
611 EVP_PKEY *key = NULL; 611 EVP_PKEY *key = NULL;
612 X509 *ucert = NULL, *x = NULL; 612 X509 *ucert = NULL, *x = NULL;
613 STACK_OF(X509) *certs = NULL; 613 STACK_OF(X509) *certs = NULL;
@@ -615,25 +615,25 @@ pkcs12_main(int argc, char **argv)
615 unsigned char *catmp = NULL; 615 unsigned char *catmp = NULL;
616 int i; 616 int i;
617 617
618 if ((pkcs12_config.options & (NOCERTS | NOKEYS)) == 618 if ((cfg.options & (NOCERTS | NOKEYS)) ==
619 (NOCERTS | NOKEYS)) { 619 (NOCERTS | NOKEYS)) {
620 BIO_printf(bio_err, "Nothing to do!\n"); 620 BIO_printf(bio_err, "Nothing to do!\n");
621 goto export_end; 621 goto export_end;
622 } 622 }
623 if (pkcs12_config.options & NOCERTS) 623 if (cfg.options & NOCERTS)
624 pkcs12_config.chain = 0; 624 cfg.chain = 0;
625 625
626 if (!(pkcs12_config.options & NOKEYS)) { 626 if (!(cfg.options & NOKEYS)) {
627 key = load_key(bio_err, pkcs12_config.keyname ? 627 key = load_key(bio_err, cfg.keyname ?
628 pkcs12_config.keyname : pkcs12_config.infile, 628 cfg.keyname : cfg.infile,
629 FORMAT_PEM, 1, passin, "private key"); 629 FORMAT_PEM, 1, passin, "private key");
630 if (!key) 630 if (!key)
631 goto export_end; 631 goto export_end;
632 } 632 }
633 633
634 /* Load in all certs in input file */ 634 /* Load in all certs in input file */
635 if (!(pkcs12_config.options & NOCERTS)) { 635 if (!(cfg.options & NOCERTS)) {
636 certs = load_certs(bio_err, pkcs12_config.infile, 636 certs = load_certs(bio_err, cfg.infile,
637 FORMAT_PEM, NULL, "certificates"); 637 FORMAT_PEM, NULL, "certificates");
638 if (certs == NULL) 638 if (certs == NULL)
639 goto export_end; 639 goto export_end;
@@ -661,10 +661,10 @@ pkcs12_main(int argc, char **argv)
661 } 661 }
662 662
663 /* Add any more certificates asked for */ 663 /* Add any more certificates asked for */
664 if (pkcs12_config.certfile != NULL) { 664 if (cfg.certfile != NULL) {
665 STACK_OF(X509) *morecerts = NULL; 665 STACK_OF(X509) *morecerts = NULL;
666 if ((morecerts = load_certs(bio_err, 666 if ((morecerts = load_certs(bio_err,
667 pkcs12_config.certfile, FORMAT_PEM, NULL, 667 cfg.certfile, FORMAT_PEM, NULL,
668 "certificates from certfile")) == NULL) 668 "certificates from certfile")) == NULL)
669 goto export_end; 669 goto export_end;
670 while (sk_X509_num(morecerts) > 0) 670 while (sk_X509_num(morecerts) > 0)
@@ -674,7 +674,7 @@ pkcs12_main(int argc, char **argv)
674 674
675 675
676 /* If chaining get chain from user cert */ 676 /* If chaining get chain from user cert */
677 if (pkcs12_config.chain) { 677 if (cfg.chain) {
678 int vret; 678 int vret;
679 STACK_OF(X509) *chain2; 679 STACK_OF(X509) *chain2;
680 X509_STORE *store = X509_STORE_new(); 680 X509_STORE *store = X509_STORE_new();
@@ -684,7 +684,7 @@ pkcs12_main(int argc, char **argv)
684 goto export_end; 684 goto export_end;
685 } 685 }
686 if (!X509_STORE_load_locations(store, 686 if (!X509_STORE_load_locations(store,
687 pkcs12_config.CAfile, pkcs12_config.CApath)) 687 cfg.CAfile, cfg.CApath))
688 X509_STORE_set_default_paths(store); 688 X509_STORE_set_default_paths(store);
689 689
690 vret = get_cert_chain(ucert, store, &chain2); 690 vret = get_cert_chain(ucert, store, &chain2);
@@ -711,51 +711,51 @@ pkcs12_main(int argc, char **argv)
711 } 711 }
712 /* Add any CA names */ 712 /* Add any CA names */
713 713
714 for (i = 0; i < sk_OPENSSL_STRING_num(pkcs12_config.canames); 714 for (i = 0; i < sk_OPENSSL_STRING_num(cfg.canames);
715 i++) { 715 i++) {
716 catmp = (unsigned char *) sk_OPENSSL_STRING_value( 716 catmp = (unsigned char *) sk_OPENSSL_STRING_value(
717 pkcs12_config.canames, i); 717 cfg.canames, i);
718 X509_alias_set1(sk_X509_value(certs, i), catmp, -1); 718 X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
719 } 719 }
720 720
721 if (pkcs12_config.csp_name != NULL && key != NULL) 721 if (cfg.csp_name != NULL && key != NULL)
722 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, 722 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
723 MBSTRING_ASC, 723 MBSTRING_ASC,
724 (unsigned char *) pkcs12_config.csp_name, -1); 724 (unsigned char *) cfg.csp_name, -1);
725 725
726 if (pkcs12_config.add_lmk && key != NULL) 726 if (cfg.add_lmk && key != NULL)
727 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, 727 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL,
728 -1); 728 -1);
729 729
730 if (!pkcs12_config.noprompt && 730 if (!cfg.noprompt &&
731 EVP_read_pw_string(pass, sizeof pass, 731 EVP_read_pw_string(pass, sizeof pass,
732 "Enter Export Password:", 1)) { 732 "Enter Export Password:", 1)) {
733 BIO_printf(bio_err, "Can't read Password\n"); 733 BIO_printf(bio_err, "Can't read Password\n");
734 goto export_end; 734 goto export_end;
735 } 735 }
736 if (!pkcs12_config.twopass) 736 if (!cfg.twopass)
737 strlcpy(macpass, pass, sizeof macpass); 737 strlcpy(macpass, pass, sizeof macpass);
738 738
739 739
740 p12 = PKCS12_create(cpass, pkcs12_config.name, key, ucert, 740 p12 = PKCS12_create(cpass, cfg.name, key, ucert,
741 certs, pkcs12_config.key_pbe, pkcs12_config.cert_pbe, 741 certs, cfg.key_pbe, cfg.cert_pbe,
742 pkcs12_config.iter, -1, pkcs12_config.keytype); 742 cfg.iter, -1, cfg.keytype);
743 743
744 if (p12 == NULL) { 744 if (p12 == NULL) {
745 ERR_print_errors(bio_err); 745 ERR_print_errors(bio_err);
746 goto export_end; 746 goto export_end;
747 } 747 }
748 if (pkcs12_config.macalg != NULL) { 748 if (cfg.macalg != NULL) {
749 macmd = EVP_get_digestbyname(pkcs12_config.macalg); 749 macmd = EVP_get_digestbyname(cfg.macalg);
750 if (macmd == NULL) { 750 if (macmd == NULL) {
751 BIO_printf(bio_err, 751 BIO_printf(bio_err,
752 "Unknown digest algorithm %s\n", 752 "Unknown digest algorithm %s\n",
753 pkcs12_config.macalg); 753 cfg.macalg);
754 } 754 }
755 } 755 }
756 if (pkcs12_config.maciter != -1) 756 if (cfg.maciter != -1)
757 PKCS12_set_mac(p12, mpass, -1, NULL, 0, 757 PKCS12_set_mac(p12, mpass, -1, NULL, 0,
758 pkcs12_config.maciter, macmd); 758 cfg.maciter, macmd);
759 759
760 i2d_PKCS12_bio(out, p12); 760 i2d_PKCS12_bio(out, p12);
761 761
@@ -773,27 +773,27 @@ pkcs12_main(int argc, char **argv)
773 ERR_print_errors(bio_err); 773 ERR_print_errors(bio_err);
774 goto end; 774 goto end;
775 } 775 }
776 if (!pkcs12_config.noprompt && EVP_read_pw_string(pass, sizeof pass, 776 if (!cfg.noprompt && EVP_read_pw_string(pass, sizeof pass,
777 "Enter Import Password:", 0)) { 777 "Enter Import Password:", 0)) {
778 BIO_printf(bio_err, "Can't read Password\n"); 778 BIO_printf(bio_err, "Can't read Password\n");
779 goto end; 779 goto end;
780 } 780 }
781 781
782 if (!pkcs12_config.twopass) 782 if (!cfg.twopass)
783 strlcpy(macpass, pass, sizeof macpass); 783 strlcpy(macpass, pass, sizeof macpass);
784 784
785 if ((pkcs12_config.options & INFO) != 0 && PKCS12_mac_present(p12)) { 785 if ((cfg.options & INFO) != 0 && PKCS12_mac_present(p12)) {
786 const ASN1_INTEGER *iter; 786 const ASN1_INTEGER *iter;
787 787
788 PKCS12_get0_mac(NULL, NULL, NULL, &iter, p12); 788 PKCS12_get0_mac(NULL, NULL, NULL, &iter, p12);
789 BIO_printf(bio_err, "MAC Iteration %ld\n", 789 BIO_printf(bio_err, "MAC Iteration %ld\n",
790 iter != NULL ? ASN1_INTEGER_get(iter) : 1); 790 iter != NULL ? ASN1_INTEGER_get(iter) : 1);
791 } 791 }
792 if (pkcs12_config.macver) { 792 if (cfg.macver) {
793 /* If we enter empty password try no password first */ 793 /* If we enter empty password try no password first */
794 if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { 794 if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
795 /* If mac and crypto pass the same set it to NULL too */ 795 /* If mac and crypto pass the same set it to NULL too */
796 if (!pkcs12_config.twopass) 796 if (!cfg.twopass)
797 cpass = NULL; 797 cpass = NULL;
798 } else if (!PKCS12_verify_mac(p12, mpass, -1)) { 798 } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
799 BIO_printf(bio_err, 799 BIO_printf(bio_err,
@@ -803,7 +803,7 @@ pkcs12_main(int argc, char **argv)
803 } 803 }
804 BIO_printf(bio_err, "MAC verified OK\n"); 804 BIO_printf(bio_err, "MAC verified OK\n");
805 } 805 }
806 if (!dump_certs_keys_p12(out, p12, cpass, -1, pkcs12_config.options, 806 if (!dump_certs_keys_p12(out, p12, cpass, -1, cfg.options,
807 passout)) { 807 passout)) {
808 BIO_printf(bio_err, "Error outputting keys and certificates\n"); 808 BIO_printf(bio_err, "Error outputting keys and certificates\n");
809 ERR_print_errors(bio_err); 809 ERR_print_errors(bio_err);
@@ -814,7 +814,7 @@ pkcs12_main(int argc, char **argv)
814 PKCS12_free(p12); 814 PKCS12_free(p12);
815 BIO_free(in); 815 BIO_free(in);
816 BIO_free_all(out); 816 BIO_free_all(out);
817 sk_OPENSSL_STRING_free(pkcs12_config.canames); 817 sk_OPENSSL_STRING_free(cfg.canames);
818 free(passin); 818 free(passin);
819 free(passout); 819 free(passout);
820 820
@@ -907,7 +907,7 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen,
907 if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) 907 if ((pkey = EVP_PKCS82PKEY(p8)) == NULL)
908 return 0; 908 return 0;
909 print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); 909 print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
910 PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, 910 PEM_write_bio_PrivateKey(out, pkey, cfg.enc, NULL, 0,
911 NULL, pempass); 911 NULL, pempass);
912 EVP_PKEY_free(pkey); 912 EVP_PKEY_free(pkey);
913 break; 913 break;
@@ -938,7 +938,7 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen,
938 } 938 }
939 print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); 939 print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
940 PKCS8_PRIV_KEY_INFO_free(p8); 940 PKCS8_PRIV_KEY_INFO_free(p8);
941 PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, 941 PEM_write_bio_PrivateKey(out, pkey, cfg.enc, NULL, 0,
942 NULL, pempass); 942 NULL, pempass);
943 EVP_PKEY_free(pkey); 943 EVP_PKEY_free(pkey);
944 break; 944 break;
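Review bot: An unknown -macalg name is reported but not treated as an error in the export path (new lines 748-758): after `BIO_printf(bio_err, "Unknown digest algorithm %s\n", cfg.macalg);` execution continues to `PKCS12_set_mac(...)` with `macmd` being whatever the failed lookup returned, so the file is presumably written with the default MAC digest rather than the one the user asked for. Adding `goto export_end;` inside the `if (macmd == NULL)` block would turn the silent fallback into a hard failure. The return values of `PKCS12_set_mac()` and `i2d_PKCS12_bio()` in the same hunk are also ignored, so a failed MAC computation or a short write is not reported; checking both and jumping to `export_end` with `ERR_print_errors(bio_err);` would close that gap. The declaration of `macmd` and the `export_end` label itself lie outside the visible hunks, so the initial value of `macmd` is inferred rather than shown.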