1ebfedea0SLionel Sambuc /* pkcs8.c */
2*0a6a1f1dSLionel Sambuc /*
3*0a6a1f1dSLionel Sambuc * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4*0a6a1f1dSLionel Sambuc * 1999-2004.
5ebfedea0SLionel Sambuc */
6ebfedea0SLionel Sambuc /* ====================================================================
7ebfedea0SLionel Sambuc * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8ebfedea0SLionel Sambuc *
9ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without
10ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions
11ebfedea0SLionel Sambuc * are met:
12ebfedea0SLionel Sambuc *
13ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the above copyright
14ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer.
15ebfedea0SLionel Sambuc *
16ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright
17ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in
18ebfedea0SLionel Sambuc * the documentation and/or other materials provided with the
19ebfedea0SLionel Sambuc * distribution.
20ebfedea0SLionel Sambuc *
21ebfedea0SLionel Sambuc * 3. All advertising materials mentioning features or use of this
22ebfedea0SLionel Sambuc * software must display the following acknowledgment:
23ebfedea0SLionel Sambuc * "This product includes software developed by the OpenSSL Project
24ebfedea0SLionel Sambuc * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25ebfedea0SLionel Sambuc *
26ebfedea0SLionel Sambuc * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27ebfedea0SLionel Sambuc * endorse or promote products derived from this software without
28ebfedea0SLionel Sambuc * prior written permission. For written permission, please contact
29ebfedea0SLionel Sambuc * licensing@OpenSSL.org.
30ebfedea0SLionel Sambuc *
31ebfedea0SLionel Sambuc * 5. Products derived from this software may not be called "OpenSSL"
32ebfedea0SLionel Sambuc * nor may "OpenSSL" appear in their names without prior written
33ebfedea0SLionel Sambuc * permission of the OpenSSL Project.
34ebfedea0SLionel Sambuc *
35ebfedea0SLionel Sambuc * 6. Redistributions of any form whatsoever must retain the following
36ebfedea0SLionel Sambuc * acknowledgment:
37ebfedea0SLionel Sambuc * "This product includes software developed by the OpenSSL Project
38ebfedea0SLionel Sambuc * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39ebfedea0SLionel Sambuc *
40ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41ebfedea0SLionel Sambuc * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43ebfedea0SLionel Sambuc * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44ebfedea0SLionel Sambuc * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45ebfedea0SLionel Sambuc * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46ebfedea0SLionel Sambuc * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47ebfedea0SLionel Sambuc * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49ebfedea0SLionel Sambuc * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50ebfedea0SLionel Sambuc * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51ebfedea0SLionel Sambuc * OF THE POSSIBILITY OF SUCH DAMAGE.
52ebfedea0SLionel Sambuc * ====================================================================
53ebfedea0SLionel Sambuc *
54ebfedea0SLionel Sambuc * This product includes cryptographic software written by Eric Young
55ebfedea0SLionel Sambuc * (eay@cryptsoft.com). This product includes software written by Tim
56ebfedea0SLionel Sambuc * Hudson (tjh@cryptsoft.com).
57ebfedea0SLionel Sambuc *
58ebfedea0SLionel Sambuc */
59ebfedea0SLionel Sambuc #include <stdio.h>
60ebfedea0SLionel Sambuc #include <string.h>
61ebfedea0SLionel Sambuc #include "apps.h"
62ebfedea0SLionel Sambuc #include <openssl/pem.h>
63ebfedea0SLionel Sambuc #include <openssl/err.h>
64ebfedea0SLionel Sambuc #include <openssl/evp.h>
65ebfedea0SLionel Sambuc #include <openssl/pkcs12.h>
66ebfedea0SLionel Sambuc
67ebfedea0SLionel Sambuc #define PROG pkcs8_main
68ebfedea0SLionel Sambuc
69ebfedea0SLionel Sambuc int MAIN(int, char **);
70ebfedea0SLionel Sambuc
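/*
 * pkcs8 command: convert a private key to or from PKCS#8 form.
 *
 * With -topk8 the key is loaded by load_key() and written as PKCS#8,
 * encrypted through PKCS8_encrypt() unless -nocrypt is given.  Without
 * -topk8 a PKCS#8 structure is read from the input BIO, decrypted unless
 * -nocrypt is given, and written back out with the PrivateKey writers.
 *
 * argv carries the options listed in the usage text below; argc is not
 * consulted, the argument vector is walked until its NULL terminator.
 *
 * Returns 0 on success and 1 on any failure (bad arguments, unreadable
 * input, password prompt failure, conversion error or write error).
 */
int MAIN(int argc, char **argv)
{
    ENGINE *e = NULL;
    char **args, *infile = NULL, *outfile = NULL;
    char *passargin = NULL, *passargout = NULL;
    BIO *in = NULL, *out = NULL;
    int topk8 = 0;
    int pbe_nid = -1;
    const EVP_CIPHER *cipher = NULL;
    int iter = PKCS12_DEFAULT_ITER;
    int informat, outformat;
    int p8_broken = PKCS8_OK;
    int nocrypt = 0;
    X509_SIG *p8 = NULL;
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
    EVP_PKEY *pkey = NULL;
    /* pass[] receives an interactively typed password; wiped at "end". */
    char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
    int badarg = 0;
    int wrote = 0;
    int ret = 1;
#ifndef OPENSSL_NO_ENGINE
    char *engine = NULL;
#endif

    if (bio_err == NULL)
        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

    if (!load_config(bio_err, NULL))
        goto end;

    informat = FORMAT_PEM;
    outformat = FORMAT_PEM;

    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();

    /* Option parsing: stop at the first argument not starting with '-'. */
    args = argv + 1;
    while (!badarg && *args && *args[0] == '-') {
        if (!strcmp(*args, "-v2")) {
            if (args[1]) {
                args++;
                cipher = EVP_get_cipherbyname(*args);
                if (!cipher) {
                    BIO_printf(bio_err, "Unknown cipher %s\n", *args);
                    badarg = 1;
                }
            } else
                badarg = 1;
        } else if (!strcmp(*args, "-v1")) {
            if (args[1]) {
                args++;
                pbe_nid = OBJ_txt2nid(*args);
                if (pbe_nid == NID_undef) {
                    BIO_printf(bio_err, "Unknown PBE algorithm %s\n", *args);
                    badarg = 1;
                }
            } else
                badarg = 1;
        } else if (!strcmp(*args, "-inform")) {
            if (args[1]) {
                args++;
                informat = str2fmt(*args);
            } else
                badarg = 1;
        } else if (!strcmp(*args, "-outform")) {
            if (args[1]) {
                args++;
                outformat = str2fmt(*args);
            } else
                badarg = 1;
        } else if (!strcmp(*args, "-topk8"))
            topk8 = 1;
        else if (!strcmp(*args, "-noiter"))
            /*
             * An iteration count of 1 removes the key-stretching cost of
             * the password-based encryption below.
             */
            iter = 1;
        else if (!strcmp(*args, "-nocrypt"))
            /* The private key is read or written with no encryption. */
            nocrypt = 1;
        else if (!strcmp(*args, "-nooct"))
            p8_broken = PKCS8_NO_OCTET;
        else if (!strcmp(*args, "-nsdb"))
            p8_broken = PKCS8_NS_DB;
        else if (!strcmp(*args, "-embed"))
            p8_broken = PKCS8_EMBEDDED_PARAM;
        else if (!strcmp(*args, "-passin")) {
            if (!args[1])
                goto bad;
            passargin = *(++args);
        } else if (!strcmp(*args, "-passout")) {
            if (!args[1])
                goto bad;
            passargout = *(++args);
        }
#ifndef OPENSSL_NO_ENGINE
        else if (strcmp(*args, "-engine") == 0) {
            if (!args[1])
                goto bad;
            engine = *(++args);
        }
#endif
        else if (!strcmp(*args, "-in")) {
            if (args[1]) {
                args++;
                infile = *args;
            } else
                badarg = 1;
        } else if (!strcmp(*args, "-out")) {
            if (args[1]) {
                args++;
                outfile = *args;
            } else
                badarg = 1;
        } else
            badarg = 1;
        args++;
    }

    if (badarg) {
 bad:
        BIO_printf(bio_err, "Usage pkcs8 [options]\n");
        BIO_printf(bio_err, "where options are\n");
        BIO_printf(bio_err, "-in file input file\n");
        BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
        BIO_printf(bio_err,
                   "-passin arg input file pass phrase source\n");
        BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
        BIO_printf(bio_err, "-out file output file\n");
        BIO_printf(bio_err,
                   "-passout arg output file pass phrase source\n");
        BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
        BIO_printf(bio_err,
                   "-nooct use (nonstandard) no octet format\n");
        BIO_printf(bio_err,
                   "-embed use (nonstandard) embedded DSA parameters format\n");
        BIO_printf(bio_err,
                   "-nsdb use (nonstandard) DSA Netscape DB format\n");
        BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
        BIO_printf(bio_err,
                   "-nocrypt use or expect unencrypted private key\n");
        BIO_printf(bio_err,
                   "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
        BIO_printf(bio_err,
                   "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
#ifndef OPENSSL_NO_ENGINE
        BIO_printf(bio_err,
                   " -engine e use engine e, possibly a hardware device.\n");
#endif
        goto end;
    }
#ifndef OPENSSL_NO_ENGINE
    /*
     * NOTE(review): e is never released in this function; confirm whether
     * this tree expects the caller of setup_engine() to free it.
     */
    e = setup_engine(bio_err, engine, 0);
#endif

    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
        BIO_printf(bio_err, "Error getting passwords\n");
        goto end;
    }

    /*
     * With neither -v1 nor -v2 the encryption scheme falls back to
     * pbeWithMD5AndDES-CBC.  NOTE(review): that is single DES keyed through
     * an MD5-based derivation; keys that need real protection at rest should
     * be written with -v2 and a current cipher instead of this default.
     */
    if ((pbe_nid == -1) && !cipher)
        pbe_nid = NID_pbeWithMD5AndDES_CBC;

    if (infile) {
        if (!(in = BIO_new_file(infile, "rb"))) {
            BIO_printf(bio_err, "Can't open input file %s\n", infile);
            goto end;
        }
    } else
        in = BIO_new_fp(stdin, BIO_NOCLOSE);

    if (outfile) {
        if (!(out = BIO_new_file(outfile, "wb"))) {
            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
            goto end;
        }
    } else {
        out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
        {
            BIO *tmpbio = BIO_new(BIO_f_linebuffer());
            out = BIO_push(tmpbio, out);
        }
#endif
    }

    /* Direction 1: traditional key in, PKCS#8 out. */
    if (topk8) {
        pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
        if (!pkey)
            goto end;
        if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
            BIO_printf(bio_err, "Error converting key\n");
            ERR_print_errors(bio_err);
            goto end;
        }
        if (nocrypt) {
            if (outformat == FORMAT_PEM)
                wrote = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
            else if (outformat == FORMAT_ASN1)
                wrote = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
            else {
                BIO_printf(bio_err, "Bad format specified for key\n");
                goto end;
            }
        } else {
            if (passout)
                p8pass = passout;
            else {
                p8pass = pass;
                /* Last argument 1: the prompt asks twice to verify. */
                if (EVP_read_pw_string
                    (pass, sizeof pass, "Enter Encryption Password:", 1))
                    goto end;
            }
            app_RAND_load_file(NULL, bio_err, 0);
            /* NULL salt with length 0 is passed through to PKCS8_encrypt. */
            if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
                                     p8pass, strlen(p8pass),
                                     NULL, 0, iter, p8inf))) {
                BIO_printf(bio_err, "Error encrypting key\n");
                ERR_print_errors(bio_err);
                goto end;
            }
            app_RAND_write_file(NULL, bio_err);
            if (outformat == FORMAT_PEM)
                wrote = PEM_write_bio_PKCS8(out, p8);
            else if (outformat == FORMAT_ASN1)
                wrote = i2d_PKCS8_bio(out, p8);
            else {
                BIO_printf(bio_err, "Bad format specified for key\n");
                goto end;
            }
        }

        /*
         * A failed or short write must not be reported as success: the
         * caller would otherwise trust a truncated key file.
         */
        if (wrote <= 0) {
            BIO_printf(bio_err, "Error writing key\n");
            ERR_print_errors(bio_err);
            goto end;
        }

        ret = 0;
        goto end;
    }

    /* Direction 2: PKCS#8 in, traditional key out. */
    if (nocrypt) {
        if (informat == FORMAT_PEM)
            p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
        else if (informat == FORMAT_ASN1)
            p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
        else {
            BIO_printf(bio_err, "Bad format specified for key\n");
            goto end;
        }
    } else {
        if (informat == FORMAT_PEM)
            p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
        else if (informat == FORMAT_ASN1)
            p8 = d2i_PKCS8_bio(in, NULL);
        else {
            BIO_printf(bio_err, "Bad format specified for key\n");
            goto end;
        }

        if (!p8) {
            BIO_printf(bio_err, "Error reading key\n");
            ERR_print_errors(bio_err);
            goto end;
        }
        if (passin)
            p8pass = passin;
        else {
            p8pass = pass;
            /*
             * If the prompt fails, pass[] may never have been written, and
             * the strlen() below would read an uninitialised buffer.
             */
            if (EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0)) {
                BIO_printf(bio_err, "Can't read Password\n");
                goto end;
            }
        }
        p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
    }

    if (!p8inf) {
        BIO_printf(bio_err, "Error decrypting key\n");
        ERR_print_errors(bio_err);
        goto end;
    }

    if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
        BIO_printf(bio_err, "Error converting key\n");
        ERR_print_errors(bio_err);
        goto end;
    }

    /* Report which nonstandard encoding the parser recorded, if any. */
    if (p8inf->broken) {
        BIO_printf(bio_err, "Warning: broken key encoding: ");
        switch (p8inf->broken) {
        case PKCS8_NO_OCTET:
            BIO_printf(bio_err, "No Octet String in PrivateKey\n");
            break;

        case PKCS8_EMBEDDED_PARAM:
            BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
            break;

        case PKCS8_NS_DB:
            BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
            break;

        case PKCS8_NEG_PRIVKEY:
            BIO_printf(bio_err, "DSA private key value is negative\n");
            break;

        default:
            BIO_printf(bio_err, "Unknown broken type\n");
            break;
        }
    }

    /*
     * The cipher argument is NULL, so no encryption cipher is selected for
     * the PEM output on this path; passout is only handed over as the
     * trailing user-data argument.
     */
    if (outformat == FORMAT_PEM)
        wrote = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL,
                                         passout);
    else if (outformat == FORMAT_ASN1)
        wrote = i2d_PrivateKey_bio(out, pkey);
    else {
        BIO_printf(bio_err, "Bad format specified for key\n");
        goto end;
    }
    if (wrote <= 0) {
        BIO_printf(bio_err, "Error writing key\n");
        ERR_print_errors(bio_err);
        goto end;
    }
    ret = 0;

 end:
    X509_SIG_free(p8);
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    EVP_PKEY_free(pkey);
    BIO_free_all(out);
    BIO_free(in);
    /* Do not leave a typed password behind in the stack frame. */
    OPENSSL_cleanse(pass, sizeof pass);
    if (passin)
        OPENSSL_free(passin);
    if (passout)
        OPENSSL_free(passout);

    return ret;
}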