From 368b527fa104be7769e1b1c4e8017652b497d5fc Mon Sep 17 00:00:00 2001
From: Klas Lindfors
Date: Fri, 5 Dec 2014 11:10:33 +0100
Subject: [PATCH] add DER format for certificate import

---
 tool/cmdline.ggo | 2 +-
 tool/util.h | 2 ++
 tool/yubico-piv-tool.c | 13 ++++++++++---
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/tool/cmdline.ggo b/tool/cmdline.ggo
index be2d729..98b0fb5 100644
--- a/tool/cmdline.ggo
+++ b/tool/cmdline.ggo
@@ -47,7 +47,7 @@ option "pin-retries" - "Number of retries before the pin code is blocked" int op
 option "puk-retries" - "Number of retries before the puk code is blocked" int optional dependon="pin-retries"
 option "input" i "Filename to use as input, - for stdin" string optional default="-"
 option "output" o "Filename to use as output, - for stdout" string optional default="-"
-option "key-format" K "Format of the key being read/written" values="PEM","PKCS12","GZIP" enum optional default="PEM"
+option "key-format" K "Format of the key being read/written" values="PEM","PKCS12","GZIP","DER" enum optional default="PEM"
 option "password" p "Password for decryption of private key file" string optional
 option "subject" S "The subject to use for certificate request" string optional
 text "
diff --git a/tool/util.h b/tool/util.h
index d03f8ad..9ad2051 100644
--- a/tool/util.h
+++ b/tool/util.h
@@ -32,6 +32,8 @@
 #include
+#include "cmdline.h"
+
 #define INPUT 1
 #define OUTPUT 2
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index 655f0ab..f33ced6 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -405,7 +405,7 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
 PKCS12 *p12 = NULL;
 EVP_PKEY *private_key = NULL;
 int compress = 0;
- int cert_len;
+ int cert_len = -1;
 input_file = open_file(input_file_name, INPUT);
 if(!input_file) {
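Review bot: `int cert_len = -1;` introduces -1 as a "not yet encoded" sentinel, but i2d_X509 itself reports an encoding failure with a negative return, so when the `if(cert_len == -1)` guard added in the later `@@ -444,6 +448,9 @@` hunk runs `cert_len = i2d_X509(cert, NULL)` and that call fails, cert_len is left negative and, as far as this page shows, carried into the certdata buffer handling that the following block opens. The guard should be `if(cert_len < 0) {` and the encoded length checked before it is used, e.g. `if(cert_len <= 0) { fprintf(stderr, "Failed encoding certificate.\n"); goto import_cert_out; }`. The branch expected to leave cert_len already set is presumably the GZIP one, whose body is not visible here. import_cert begins before this hunk and its body continues well past it.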
@@ -418,7 +418,12 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
 fprintf(stderr, "Failed loading certificate for import.\n");
 goto import_cert_out;
 }
- cert_len = i2d_X509(cert, NULL);
+ } else if(cert_format == key_format_arg_DER) {
+ cert = d2i_X509_fp(input_file, NULL);
+ if(!cert) {
+ fprintf(stderr, "Failed loading certificate for import.\n");
+ goto import_cert_out;
+ }
 } else if(cert_format == key_format_arg_PKCS12) {
 p12 = d2i_PKCS12_fp(input_file, NULL);
 if(!p12) {
@@ -429,7 +434,6 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
 fprintf(stderr, "Failed to parse PKCS12 structure.\n");
 goto import_cert_out;
 }
- cert_len = i2d_X509(cert, NULL);
 } else if (cert_format == key_format_arg_GZIP) {
 struct stat st;
@@ -444,6 +448,9 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
 fprintf(stderr, "Unknown key format.\n");
 goto import_cert_out;
 }
+ if(cert_len == -1) {
+ cert_len = i2d_X509(cert, NULL);
+ }
 {
 unsigned char certdata[2100];
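Review bot: The new DER branch in the `@@ -418,7 +418,12 @@` hunk copies the PEM branch's failure path verbatim, including the message `"Failed loading certificate for import.\n"`, so a user who picked the wrong -K format gets no hint which decoder was tried and nothing from the OpenSSL error queue. A format-specific message, `fprintf(stderr, "Failed loading DER certificate for import.\n");`, would make the two paths distinguishable, and if the tool already reports OpenSSL errors elsewhere an `ERR_print_errors_fp(stderr);` next to it would surface the underlying reason. The enclosing import_cert starts before this hunk and continues past it, so whether a later shared check covers the NULL cert case cannot be seen here.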