
Source code changes of the file "apps/pkcs12.c" between
openssl-1.1.1f.tar.gz and openssl-1.1.1g.tar.gz

About: OpenSSL is a toolkit implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library. Long Term Support (LTS) version (includes support for TLSv1.3).

pkcs12.c  (openssl-1.1.1f):pkcs12.c  (openssl-1.1.1g)
/* /*
* Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at * in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
#if defined(OPENSSL_NO_DES) #include <stdio.h>
NON_EMPTY_TRANSLATION_UNIT #include <stdlib.h>
#else #include <string.h>
#include "apps.h"
# include <stdio.h> #include "progs.h"
# include <stdlib.h> #include <openssl/crypto.h>
# include <string.h> #include <openssl/err.h>
# include "apps.h" #include <openssl/pem.h>
# include "progs.h" #include <openssl/pkcs12.h>
# include <openssl/crypto.h>
# include <openssl/err.h> #define NOKEYS 0x1
# include <openssl/pem.h> #define NOCERTS 0x2
# include <openssl/pkcs12.h> #define INFO 0x4
#define CLCERTS 0x8
# define NOKEYS 0x1 #define CACERTS 0x10
# define NOCERTS 0x2
# define INFO 0x4
# define CLCERTS 0x8
# define CACERTS 0x10
#define PASSWD_BUF_SIZE 2048 #define PASSWD_BUF_SIZE 2048
static int get_cert_chain(X509 *cert, X509_STORE *store, static int get_cert_chain(X509 *cert, X509_STORE *store,
STACK_OF(X509) **chain); STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, int dump_certs_keys_p12(BIO *out, const PKCS12 *p12,
const char *pass, int passlen, int options, const char *pass, int passlen, int options,
char *pempass, const EVP_CIPHER *enc); char *pempass, const EVP_CIPHER *enc);
int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
const char *pass, int passlen, int options, const char *pass, int passlen, int options,
skipping to change at line 77 skipping to change at line 73
{"keyex", OPT_KEYEX, '-', "Set MS key exchange type"}, {"keyex", OPT_KEYEX, '-', "Set MS key exchange type"},
{"keysig", OPT_KEYSIG, '-', "Set MS key signature type"}, {"keysig", OPT_KEYSIG, '-', "Set MS key signature type"},
{"nocerts", OPT_NOCERTS, '-', "Don't output certificates"}, {"nocerts", OPT_NOCERTS, '-', "Don't output certificates"},
{"clcerts", OPT_CLCERTS, '-', "Only output client certificates"}, {"clcerts", OPT_CLCERTS, '-', "Only output client certificates"},
{"cacerts", OPT_CACERTS, '-', "Only output CA certificates"}, {"cacerts", OPT_CACERTS, '-', "Only output CA certificates"},
{"noout", OPT_NOOUT, '-', "Don't output anything, just verify"}, {"noout", OPT_NOOUT, '-', "Don't output anything, just verify"},
{"info", OPT_INFO, '-', "Print info about PKCS#12 structure"}, {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
{"chain", OPT_CHAIN, '-', "Add certificate chain"}, {"chain", OPT_CHAIN, '-', "Add certificate chain"},
{"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"}, {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
{"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"}, {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
# ifndef OPENSSL_NO_RC2 #ifndef OPENSSL_NO_RC2
{"descert", OPT_DESCERT, '-', {"descert", OPT_DESCERT, '-',
"Encrypt output with 3DES (default RC2-40)"}, "Encrypt output with 3DES (default RC2-40)"},
{"certpbe", OPT_CERTPBE, 's', {"certpbe", OPT_CERTPBE, 's',
"Certificate PBE algorithm (default RC2-40)"}, "Certificate PBE algorithm (default RC2-40)"},
# else #else
{"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"}, {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
{"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"}, {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
# endif #endif
{"export", OPT_EXPORT, '-', "Output PKCS12 file"}, {"export", OPT_EXPORT, '-', "Output PKCS12 file"},
{"noiter", OPT_NOITER, '-', "Don't use encryption iteration"}, {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
{"maciter", OPT_MACITER, '-', "Use MAC iteration"}, {"maciter", OPT_MACITER, '-', "Use MAC iteration"},
{"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"}, {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"},
{"nomac", OPT_NOMAC, '-', "Don't generate MAC"}, {"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
{"LMK", OPT_LMK, '-', {"LMK", OPT_LMK, '-',
"Add local machine keyset attribute to private key"}, "Add local machine keyset attribute to private key"},
{"nodes", OPT_NODES, '-', "Don't encrypt private keys"}, {"nodes", OPT_NODES, '-', "Don't encrypt private keys"},
{"macalg", OPT_MACALG, 's', {"macalg", OPT_MACALG, 's',
"Digest algorithm used in MAC (default SHA1)"}, "Digest algorithm used in MAC (default SHA1)"},
skipping to change at line 116 skipping to change at line 112
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"password", OPT_PASSWORD, 's', "Set import/export password source"}, {"password", OPT_PASSWORD, 's', "Set import/export password source"},
{"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"}, {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
{"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"}, {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
{"no-CAfile", OPT_NOCAFILE, '-', {"no-CAfile", OPT_NOCAFILE, '-',
"Do not load the default certificates file"}, "Do not load the default certificates file"},
{"no-CApath", OPT_NOCAPATH, '-', {"no-CApath", OPT_NOCAPATH, '-',
"Do not load certificates from the default certificates directory"}, "Do not load certificates from the default certificates directory"},
{"", OPT_CIPHER, '-', "Any supported cipher"}, {"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif #endif
{NULL} {NULL}
}; };
int pkcs12_main(int argc, char **argv) int pkcs12_main(int argc, char **argv)
{ {
char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL; char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
char *name = NULL, *csp_name = NULL; char *name = NULL, *csp_name = NULL;
char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = ""; char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
# ifndef OPENSSL_NO_RC2 #ifndef OPENSSL_NO_RC2
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
# else #else
int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
# endif #endif
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
int ret = 1, macver = 1, add_lmk = 0, private = 0; int ret = 1, macver = 1, add_lmk = 0, private = 0;
int noprompt = 0; int noprompt = 0;
char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL; char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL, *macalg = NULL; char *passin = NULL, *passout = NULL, *macalg = NULL;
char *cpass = NULL, *mpass = NULL, *badpass = NULL; char *cpass = NULL, *mpass = NULL, *badpass = NULL;
const char *CApath = NULL, *CAfile = NULL, *prog; const char *CApath = NULL, *CAfile = NULL, *prog;
int noCApath = 0, noCAfile = 0; int noCApath = 0, noCAfile = 0;
ENGINE *e = NULL; ENGINE *e = NULL;
BIO *in = NULL, *out = NULL; BIO *in = NULL, *out = NULL;
skipping to change at line 978 skipping to change at line 974
*ppbe = -1; *ppbe = -1;
return 1; return 1;
} }
*ppbe = OBJ_txt2nid(str); *ppbe = OBJ_txt2nid(str);
if (*ppbe == NID_undef) { if (*ppbe == NID_undef) {
BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str); BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
return 0; return 0;
} }
return 1; return 1;
} }
#endif
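Review bot: With the file-wide `OPENSSL_NO_DES` guard removed, `key_pbe` in `pkcs12_main` is still initialised unconditionally to `NID_pbe_WithSHA1And3_Key_TripleDES_CBC`, and `cert_pbe` gets the same value in the `#else` branch of `OPENSSL_NO_RC2`, so a no-des build now compiles a tool whose default PBE algorithms it presumably cannot provide. The rest of `pkcs12_main` lies outside the shown hunks, so it is not visible whether an export in such a build fails early with a clear message or only deep inside key wrapping. If that case is not handled further down, an explicit `#ifdef OPENSSL_NO_DES` branch should either pick a PBE the build supports or report the missing algorithm before any output is written. The help strings `"Encrypt output with 3DES (the default)"` and `"Certificate PBE algorithm (default 3DES)"` need the same condition, so the usage text does not advertise a default the build lacks.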
 End of changes. 11 change blocks. 
28 lines changed or deleted 24 lines changed or added
