/* pkcs8.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999-2004.
*/
/* ====================================================================
*
*/
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/pem.h>
int informat, outformat;
int p8_broken = PKCS8_OK;
int nocrypt = 0;
- X509_SIG *p8;
- PKCS8_PRIV_KEY_INFO *p8inf;
+ X509_SIG *p8 = NULL;
+ PKCS8_PRIV_KEY_INFO *p8inf = NULL;
EVP_PKEY *pkey=NULL;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
+ int ret = 1;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
else
badarg = 1;
}
+ else if (!strcmp(*args,"-v2prf"))
+ {
+ if (args[1])
+ {
+ args++;
+ pbe_nid=OBJ_txt2nid(*args);
+ if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
+ {
+ BIO_printf(bio_err,
+ "Unknown PRF algorithm %s\n", *args);
+ badarg = 1;
+ }
+ }
+ else
+ badarg = 1;
+ }
else if (!strcmp(*args,"-inform"))
{
if (args[1])
topk8 = 1;
else if (!strcmp (*args, "-noiter"))
iter = 1;
+ else if (!strcmp (*args, "-iter"))
+ {
+ if (args[1])
+ {
+ iter = atoi(*(++args));
+ if (iter <= 0) badarg = 1;
+ }
+ else badarg = 1;
+ }
else if (!strcmp (*args, "-nocrypt"))
nocrypt = 1;
else if (!strcmp (*args, "-nooct"))
p8_broken = PKCS8_EMBEDDED_PARAM;
else if (!strcmp(*args,"-passin"))
{
- if (!args[1]) goto bad;
- passargin= *(++args);
+ if (args[1])
+ passargin= *(++args);
+ else badarg = 1;
}
else if (!strcmp(*args,"-passout"))
{
- if (!args[1]) goto bad;
- passargout= *(++args);
+ if (args[1])
+ passargout= *(++args);
+ else badarg = 1;
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0)
{
- if (!args[1]) goto bad;
- engine= *(++args);
+ if (args[1])
+ engine= *(++args);
+ else badarg = 1;
}
#endif
else if (!strcmp (*args, "-in"))
if (badarg)
{
- bad:
BIO_printf(bio_err, "Usage pkcs8 [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-nooct use (nonstandard) no octet format\n");
BIO_printf(bio_err, "-embed use (nonstandard) embedded DSA parameters format\n");
BIO_printf(bio_err, "-nsdb use (nonstandard) DSA Netscape DB format\n");
+ BIO_printf(bio_err, "-iter count use count as iteration count\n");
BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
- return 1;
+ goto end;
}
#ifndef OPENSSL_NO_ENGINE
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
{
BIO_printf(bio_err, "Error getting passwords\n");
- return 1;
+ goto end;
}
if ((pbe_nid == -1) && !cipher)
{
BIO_printf(bio_err,
"Can't open input file %s\n", infile);
- return (1);
+ goto end;
}
}
else
{
BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
- return (1);
+ goto end;
}
}
else
}
if (topk8)
{
- BIO_free(in); /* Not needed in this section */
pkey = load_key(bio_err, infile, informat, 1,
passin, e, "key");
if (!pkey)
- {
- BIO_free_all(out);
- return 1;
- }
+ goto end;
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
{
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return 1;
+ goto end;
}
if (nocrypt)
{
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return (1);
+ goto end;
}
}
else
{
p8pass = pass;
if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
- {
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return (1);
- }
+ goto end;
}
app_RAND_load_file(NULL, bio_err, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
{
BIO_printf(bio_err, "Error encrypting key\n");
ERR_print_errors(bio_err);
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return (1);
+ goto end;
}
app_RAND_write_file(NULL, bio_err);
if (outformat == FORMAT_PEM)
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return (1);
+ goto end;
}
- X509_SIG_free(p8);
}
- PKCS8_PRIV_KEY_INFO_free (p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- if (passin)
- OPENSSL_free(passin);
- if (passout)
- OPENSSL_free(passout);
- return (0);
+ ret = 0;
+ goto end;
}
if (nocrypt)
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
- return (1);
+ goto end;
}
}
else
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
- return (1);
+ goto end;
}
if (!p8)
{
BIO_printf (bio_err, "Error reading key\n");
ERR_print_errors(bio_err);
- return (1);
+ goto end;
}
if (passin)
p8pass = passin;
EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
}
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
- X509_SIG_free(p8);
}
if (!p8inf)
{
BIO_printf(bio_err, "Error decrypting key\n");
ERR_print_errors(bio_err);
- return (1);
+ goto end;
}
if (!(pkey = EVP_PKCS82PKEY(p8inf)))
{
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
- return (1);
+ goto end;
}
if (p8inf->broken)
BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
break;
+ case PKCS8_NEG_PRIVKEY:
+ BIO_printf(bio_err, "DSA private key value is negative\n");
+ break;
+
default:
BIO_printf(bio_err, "Unknown broken type\n");
break;
}
}
- PKCS8_PRIV_KEY_INFO_free(p8inf);
if (outformat == FORMAT_PEM)
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
else if (outformat == FORMAT_ASN1)
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
- return (1);
+ goto end;
}
+ ret = 0;
end:
+ X509_SIG_free(p8);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey);
BIO_free_all(out);
BIO_free(in);
if (passout)
OPENSSL_free(passout);
- return (0);
+ return ret;
}