Deleted Added
sdiff udiff text old ( 1.1.1.6 ) new ( 1.1.1.7 )
full compact
pkcs8.c (1.1.1.6) pkcs8.c (1.1.1.7)
1/* pkcs8.c */
2/*
1/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4 * 1999-2004.
5 */
6/* ====================================================================
7 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
2 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
8 *
3 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
58 */
8 */
9
59#include <stdio.h>
10#include <stdio.h>
11#include <stdlib.h>
60#include <string.h>
61#include "apps.h"
62#include <openssl/pem.h>
63#include <openssl/err.h>
64#include <openssl/evp.h>
65#include <openssl/pkcs12.h>
66
12#include <string.h>
13#include "apps.h"
14#include <openssl/pem.h>
15#include <openssl/err.h>
16#include <openssl/evp.h>
17#include <openssl/pkcs12.h>
18
67#define PROG pkcs8_main
19typedef enum OPTION_choice {
20 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
21 OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
22 OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT,
23#ifndef OPENSSL_NO_SCRYPT
24 OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
25#endif
26 OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
27 OPT_TRADITIONAL
28} OPTION_CHOICE;
68
29
69int MAIN(int, char **);
30OPTIONS pkcs8_options[] = {
31 {"help", OPT_HELP, '-', "Display this summary"},
32 {"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"},
33 {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
34 {"in", OPT_IN, '<', "Input file"},
35 {"out", OPT_OUT, '>', "Output file"},
36 {"topk8", OPT_TOPK8, '-', "Output PKCS8 file"},
37 {"noiter", OPT_NOITER, '-', "Use 1 as iteration count"},
38 {"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
39 {"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
40 {"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
41 {"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
42 {"iter", OPT_ITER, 'p', "Specify the iteration count"},
43 {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
44 {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
45 {"traditional", OPT_TRADITIONAL, '-', "use traditional format private key"},
46#ifndef OPENSSL_NO_ENGINE
47 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
48#endif
49#ifndef OPENSSL_NO_SCRYPT
50 {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"},
51 {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"},
52 {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"},
53 {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"},
54#endif
55 {NULL}
56};
70
57
71int MAIN(int argc, char **argv)
58int pkcs8_main(int argc, char **argv)
72{
59{
73 ENGINE *e = NULL;
74 char **args, *infile = NULL, *outfile = NULL;
75 char *passargin = NULL, *passargout = NULL;
76 BIO *in = NULL, *out = NULL;
60 BIO *in = NULL, *out = NULL;
77 int topk8 = 0;
78 int pbe_nid = -1;
79 const EVP_CIPHER *cipher = NULL;
80 int iter = PKCS12_DEFAULT_ITER;
81 int informat, outformat;
82 int p8_broken = PKCS8_OK;
83 int nocrypt = 0;
84 X509_SIG *p8 = NULL;
85 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
61 ENGINE *e = NULL;
86 EVP_PKEY *pkey = NULL;
62 EVP_PKEY *pkey = NULL;
87 char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
88 int badarg = 0;
89 int ret = 1;
90 char *engine = NULL;
63 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
64 X509_SIG *p8 = NULL;
65 const EVP_CIPHER *cipher = NULL;
66 char *infile = NULL, *outfile = NULL;
67 char *passinarg = NULL, *passoutarg = NULL, *prog;
68#ifndef OPENSSL_NO_UI
69 char pass[APP_PASS_LEN];
70#endif
71 char *passin = NULL, *passout = NULL, *p8pass = NULL;
72 OPTION_CHOICE o;
73 int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER;
74 int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
75 int private = 0, traditional = 0;
76#ifndef OPENSSL_NO_SCRYPT
77 long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
78#endif
91
79
92 if (bio_err == NULL)
93 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
94
95 if (!load_config(bio_err, NULL))
96 goto end;
97
98 informat = FORMAT_PEM;
99 outformat = FORMAT_PEM;
100
101 ERR_load_crypto_strings();
102 OpenSSL_add_all_algorithms();
103 args = argv + 1;
104 while (!badarg && *args && *args[0] == '-') {
105 if (!strcmp(*args, "-v2")) {
106 if (args[1]) {
107 args++;
108 cipher = EVP_get_cipherbyname(*args);
109 if (!cipher) {
110 BIO_printf(bio_err, "Unknown cipher %s\n", *args);
111 badarg = 1;
112 }
113 } else
114 badarg = 1;
115 } else if (!strcmp(*args, "-v1")) {
116 if (args[1]) {
117 args++;
118 pbe_nid = OBJ_txt2nid(*args);
119 if (pbe_nid == NID_undef) {
120 BIO_printf(bio_err, "Unknown PBE algorithm %s\n", *args);
121 badarg = 1;
122 }
123 } else
124 badarg = 1;
125 } else if (!strcmp(*args, "-v2prf")) {
126 if (args[1]) {
127 args++;
128 pbe_nid = OBJ_txt2nid(*args);
129 if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
130 BIO_printf(bio_err, "Unknown PRF algorithm %s\n", *args);
131 badarg = 1;
132 }
133 } else
134 badarg = 1;
135 } else if (!strcmp(*args, "-inform")) {
136 if (args[1]) {
137 args++;
138 informat = str2fmt(*args);
139 } else
140 badarg = 1;
141 } else if (!strcmp(*args, "-outform")) {
142 if (args[1]) {
143 args++;
144 outformat = str2fmt(*args);
145 } else
146 badarg = 1;
147 } else if (!strcmp(*args, "-topk8"))
80 prog = opt_init(argc, argv, pkcs8_options);
81 while ((o = opt_next()) != OPT_EOF) {
82 switch (o) {
83 case OPT_EOF:
84 case OPT_ERR:
85 opthelp:
86 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
87 goto end;
88 case OPT_HELP:
89 opt_help(pkcs8_options);
90 ret = 0;
91 goto end;
92 case OPT_INFORM:
93 if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
94 goto opthelp;
95 break;
96 case OPT_IN:
97 infile = opt_arg();
98 break;
99 case OPT_OUTFORM:
100 if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
101 goto opthelp;
102 break;
103 case OPT_OUT:
104 outfile = opt_arg();
105 break;
106 case OPT_TOPK8:
148 topk8 = 1;
107 topk8 = 1;
149 else if (!strcmp(*args, "-noiter"))
108 break;
109 case OPT_NOITER:
150 iter = 1;
110 iter = 1;
151 else if (!strcmp(*args, "-nocrypt"))
111 break;
112 case OPT_NOCRYPT:
152 nocrypt = 1;
113 nocrypt = 1;
153 else if (!strcmp(*args, "-nooct"))
154 p8_broken = PKCS8_NO_OCTET;
155 else if (!strcmp(*args, "-nsdb"))
156 p8_broken = PKCS8_NS_DB;
157 else if (!strcmp(*args, "-embed"))
158 p8_broken = PKCS8_EMBEDDED_PARAM;
159 else if (!strcmp(*args, "-passin")) {
160 if (!args[1])
161 goto bad;
162 passargin = *(++args);
163 } else if (!strcmp(*args, "-passout")) {
164 if (!args[1])
165 goto bad;
166 passargout = *(++args);
167 }
168#ifndef OPENSSL_NO_ENGINE
169 else if (strcmp(*args, "-engine") == 0) {
170 if (!args[1])
171 goto bad;
172 engine = *(++args);
173 }
114 break;
115 case OPT_TRADITIONAL:
116 traditional = 1;
117 break;
118 case OPT_V2:
119 if (!opt_cipher(opt_arg(), &cipher))
120 goto opthelp;
121 break;
122 case OPT_V1:
123 pbe_nid = OBJ_txt2nid(opt_arg());
124 if (pbe_nid == NID_undef) {
125 BIO_printf(bio_err,
126 "%s: Unknown PBE algorithm %s\n", prog, opt_arg());
127 goto opthelp;
128 }
129 break;
130 case OPT_V2PRF:
131 pbe_nid = OBJ_txt2nid(opt_arg());
132 if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
133 BIO_printf(bio_err,
134 "%s: Unknown PRF algorithm %s\n", prog, opt_arg());
135 goto opthelp;
136 }
137 if (cipher == NULL)
138 cipher = EVP_aes_256_cbc();
139 break;
140 case OPT_ITER:
141 if (!opt_int(opt_arg(), &iter))
142 goto opthelp;
143 break;
144 case OPT_PASSIN:
145 passinarg = opt_arg();
146 break;
147 case OPT_PASSOUT:
148 passoutarg = opt_arg();
149 break;
150 case OPT_ENGINE:
151 e = setup_engine(opt_arg(), 0);
152 break;
153#ifndef OPENSSL_NO_SCRYPT
154 case OPT_SCRYPT:
155 scrypt_N = 16384;
156 scrypt_r = 8;
157 scrypt_p = 1;
158 if (cipher == NULL)
159 cipher = EVP_aes_256_cbc();
160 break;
161 case OPT_SCRYPT_N:
162 if (!opt_long(opt_arg(), &scrypt_N) || scrypt_N <= 0)
163 goto opthelp;
164 break;
165 case OPT_SCRYPT_R:
166 if (!opt_long(opt_arg(), &scrypt_r) || scrypt_r <= 0)
167 goto opthelp;
168 break;
169 case OPT_SCRYPT_P:
170 if (!opt_long(opt_arg(), &scrypt_p) || scrypt_p <= 0)
171 goto opthelp;
172 break;
174#endif
173#endif
175 else if (!strcmp(*args, "-in")) {
176 if (args[1]) {
177 args++;
178 infile = *args;
179 } else
180 badarg = 1;
181 } else if (!strcmp(*args, "-out")) {
182 if (args[1]) {
183 args++;
184 outfile = *args;
185 } else
186 badarg = 1;
187 } else
188 badarg = 1;
189 args++;
174 }
190 }
175 }
176 argc = opt_num_rest();
177 if (argc != 0)
178 goto opthelp;
191
179
192 if (badarg) {
193 bad:
194 BIO_printf(bio_err, "Usage pkcs8 [options]\n");
195 BIO_printf(bio_err, "where options are\n");
196 BIO_printf(bio_err, "-in file input file\n");
197 BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
198 BIO_printf(bio_err,
199 "-passin arg input file pass phrase source\n");
200 BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
201 BIO_printf(bio_err, "-out file output file\n");
202 BIO_printf(bio_err,
203 "-passout arg output file pass phrase source\n");
204 BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
205 BIO_printf(bio_err,
206 "-nooct use (nonstandard) no octet format\n");
207 BIO_printf(bio_err,
208 "-embed use (nonstandard) embedded DSA parameters format\n");
209 BIO_printf(bio_err,
210 "-nsdb use (nonstandard) DSA Netscape DB format\n");
211 BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
212 BIO_printf(bio_err,
213 "-nocrypt use or expect unencrypted private key\n");
214 BIO_printf(bio_err,
215 "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
216 BIO_printf(bio_err,
217 "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
218#ifndef OPENSSL_NO_ENGINE
219 BIO_printf(bio_err,
220 " -engine e use engine e, possibly a hardware device.\n");
221#endif
222 goto end;
223 }
224 e = setup_engine(bio_err, engine, 0);
180 private = 1;
225
181
226 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
182 if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
227 BIO_printf(bio_err, "Error getting passwords\n");
228 goto end;
229 }
230
183 BIO_printf(bio_err, "Error getting passwords\n");
184 goto end;
185 }
186
231 if ((pbe_nid == -1) && !cipher)
232 pbe_nid = NID_pbeWithMD5AndDES_CBC;
187 if ((pbe_nid == -1) && cipher == NULL)
188 cipher = EVP_aes_256_cbc();
233
189
234 if (infile) {
235 if (!(in = BIO_new_file(infile, "rb"))) {
236 BIO_printf(bio_err, "Can't open input file %s\n", infile);
237 goto end;
238 }
239 } else
240 in = BIO_new_fp(stdin, BIO_NOCLOSE);
190 in = bio_open_default(infile, 'r', informat);
191 if (in == NULL)
192 goto end;
193 out = bio_open_owner(outfile, outformat, private);
194 if (out == NULL)
195 goto end;
241
196
242 if (outfile) {
243 if (!(out = BIO_new_file(outfile, "wb"))) {
244 BIO_printf(bio_err, "Can't open output file %s\n", outfile);
245 goto end;
246 }
247 } else {
248 out = BIO_new_fp(stdout, BIO_NOCLOSE);
249#ifdef OPENSSL_SYS_VMS
250 {
251 BIO *tmpbio = BIO_new(BIO_f_linebuffer());
252 out = BIO_push(tmpbio, out);
253 }
254#endif
255 }
256 if (topk8) {
197 if (topk8) {
257 pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
198 pkey = load_key(infile, informat, 1, passin, e, "key");
258 if (!pkey)
259 goto end;
199 if (!pkey)
200 goto end;
260 if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
201 if ((p8inf = EVP_PKEY2PKCS8(pkey)) == NULL) {
261 BIO_printf(bio_err, "Error converting key\n");
262 ERR_print_errors(bio_err);
263 goto end;
264 }
265 if (nocrypt) {
202 BIO_printf(bio_err, "Error converting key\n");
203 ERR_print_errors(bio_err);
204 goto end;
205 }
206 if (nocrypt) {
207 assert(private);
266 if (outformat == FORMAT_PEM)
267 PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
268 else if (outformat == FORMAT_ASN1)
269 i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
270 else {
271 BIO_printf(bio_err, "Bad format specified for key\n");
272 goto end;
273 }
274 } else {
208 if (outformat == FORMAT_PEM)
209 PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
210 else if (outformat == FORMAT_ASN1)
211 i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
212 else {
213 BIO_printf(bio_err, "Bad format specified for key\n");
214 goto end;
215 }
216 } else {
217 X509_ALGOR *pbe;
218 if (cipher) {
219#ifndef OPENSSL_NO_SCRYPT
220 if (scrypt_N && scrypt_r && scrypt_p)
221 pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL,
222 scrypt_N, scrypt_r, scrypt_p);
223 else
224#endif
225 pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
226 pbe_nid);
227 } else {
228 pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0);
229 }
230 if (pbe == NULL) {
231 BIO_printf(bio_err, "Error setting PBE algorithm\n");
232 ERR_print_errors(bio_err);
233 goto end;
234 }
275 if (passout)
276 p8pass = passout;
235 if (passout)
236 p8pass = passout;
277 else {
237 else if (1) {
238#ifndef OPENSSL_NO_UI
278 p8pass = pass;
279 if (EVP_read_pw_string
239 p8pass = pass;
240 if (EVP_read_pw_string
280 (pass, sizeof pass, "Enter Encryption Password:", 1))
241 (pass, sizeof pass, "Enter Encryption Password:", 1)) {
242 X509_ALGOR_free(pbe);
281 goto end;
243 goto end;
244 }
245 } else {
246#endif
247 BIO_printf(bio_err, "Password required\n");
248 goto end;
282 }
249 }
283 app_RAND_load_file(NULL, bio_err, 0);
284 if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
285 p8pass, strlen(p8pass),
286 NULL, 0, iter, p8inf))) {
250 app_RAND_load_file(NULL, 0);
251 p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe);
252 if (p8 == NULL) {
253 X509_ALGOR_free(pbe);
287 BIO_printf(bio_err, "Error encrypting key\n");
288 ERR_print_errors(bio_err);
289 goto end;
290 }
254 BIO_printf(bio_err, "Error encrypting key\n");
255 ERR_print_errors(bio_err);
256 goto end;
257 }
291 app_RAND_write_file(NULL, bio_err);
258 app_RAND_write_file(NULL);
259 assert(private);
292 if (outformat == FORMAT_PEM)
293 PEM_write_bio_PKCS8(out, p8);
294 else if (outformat == FORMAT_ASN1)
295 i2d_PKCS8_bio(out, p8);
296 else {
297 BIO_printf(bio_err, "Bad format specified for key\n");
298 goto end;
299 }

--- 24 unchanged lines hidden (view full) ---

324
325 if (!p8) {
326 BIO_printf(bio_err, "Error reading key\n");
327 ERR_print_errors(bio_err);
328 goto end;
329 }
330 if (passin)
331 p8pass = passin;
260 if (outformat == FORMAT_PEM)
261 PEM_write_bio_PKCS8(out, p8);
262 else if (outformat == FORMAT_ASN1)
263 i2d_PKCS8_bio(out, p8);
264 else {
265 BIO_printf(bio_err, "Bad format specified for key\n");
266 goto end;
267 }

--- 24 unchanged lines hidden (view full) ---

292
293 if (!p8) {
294 BIO_printf(bio_err, "Error reading key\n");
295 ERR_print_errors(bio_err);
296 goto end;
297 }
298 if (passin)
299 p8pass = passin;
332 else {
300 else if (1) {
301#ifndef OPENSSL_NO_UI
333 p8pass = pass;
302 p8pass = pass;
334 EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
303 if (EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0)) {
304 BIO_printf(bio_err, "Can't read Password\n");
305 goto end;
306 }
307 } else {
308#endif
309 BIO_printf(bio_err, "Password required\n");
310 goto end;
335 }
336 p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
337 }
338
339 if (!p8inf) {
340 BIO_printf(bio_err, "Error decrypting key\n");
341 ERR_print_errors(bio_err);
342 goto end;
343 }
344
311 }
312 p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
313 }
314
315 if (!p8inf) {
316 BIO_printf(bio_err, "Error decrypting key\n");
317 ERR_print_errors(bio_err);
318 goto end;
319 }
320
345 if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
321 if ((pkey = EVP_PKCS82PKEY(p8inf)) == NULL) {
346 BIO_printf(bio_err, "Error converting key\n");
347 ERR_print_errors(bio_err);
348 goto end;
349 }
350
322 BIO_printf(bio_err, "Error converting key\n");
323 ERR_print_errors(bio_err);
324 goto end;
325 }
326
351 if (p8inf->broken) {
352 BIO_printf(bio_err, "Warning: broken key encoding: ");
353 switch (p8inf->broken) {
354 case PKCS8_NO_OCTET:
355 BIO_printf(bio_err, "No Octet String in PrivateKey\n");
356 break;
357
358 case PKCS8_EMBEDDED_PARAM:
359 BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
360 break;
361
362 case PKCS8_NS_DB:
363 BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
364 break;
365
366 case PKCS8_NEG_PRIVKEY:
367 BIO_printf(bio_err, "DSA private key value is negative\n");
368 break;
369
370 default:
371 BIO_printf(bio_err, "Unknown broken type\n");
372 break;
373 }
374 }
375
376 if (outformat == FORMAT_PEM)
377 PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
378 else if (outformat == FORMAT_ASN1)
327 assert(private);
328 if (outformat == FORMAT_PEM) {
329 if (traditional)
330 PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0,
331 NULL, passout);
332 else
333 PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
334 } else if (outformat == FORMAT_ASN1) {
379 i2d_PrivateKey_bio(out, pkey);
335 i2d_PrivateKey_bio(out, pkey);
380 else {
336 } else {
381 BIO_printf(bio_err, "Bad format specified for key\n");
382 goto end;
383 }
384 ret = 0;
385
386 end:
387 X509_SIG_free(p8);
388 PKCS8_PRIV_KEY_INFO_free(p8inf);
389 EVP_PKEY_free(pkey);
390 release_engine(e);
391 BIO_free_all(out);
392 BIO_free(in);
337 BIO_printf(bio_err, "Bad format specified for key\n");
338 goto end;
339 }
340 ret = 0;
341
342 end:
343 X509_SIG_free(p8);
344 PKCS8_PRIV_KEY_INFO_free(p8inf);
345 EVP_PKEY_free(pkey);
346 release_engine(e);
347 BIO_free_all(out);
348 BIO_free(in);
393 if (passin)
394 OPENSSL_free(passin);
395 if (passout)
396 OPENSSL_free(passout);
349 OPENSSL_free(passin);
350 OPENSSL_free(passout);
397
398 return ret;
399}
351
352 return ret;
353}