Loading apps/pkcs12.c +40 −46 Original line number Original line Diff line number Diff line Loading @@ -238,42 +238,42 @@ int MAIN(int argc, char **argv) ERR_load_crypto_strings(); ERR_load_crypto_strings(); in = BIO_new (BIO_s_file()); if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE); out = BIO_new (BIO_s_file()); else in = BIO_new_file(infile, "rb"); if (!in) { if (!infile) BIO_set_fp (in, stdin, BIO_NOCLOSE); BIO_printf(bio_err, "Error opening input file %s\n", else { infile ? infile : "<stdin>"); if (BIO_read_filename (in, infile) <= 0) { perror (infile); perror (infile); goto end; goto end; } } } if (certfile) { if (certfile) { certsin = BIO_new (BIO_s_file()); if(!(certsin = BIO_new_file(certfile, "r"))) { if (BIO_read_filename (certsin, certfile) <= 0) { BIO_printf(bio_err, "Can't open certificate file %s\n", certfile); perror (certfile); perror (certfile); goto end; goto end; } } } } if (keyname) { if (keyname) { inkey = BIO_new (BIO_s_file()); if(!(inkey = BIO_new_file(keyname, "r"))) { if (BIO_read_filename (inkey, keyname) <= 0) { BIO_printf(bio_err, "Can't key certificate file %s\n", keyname); perror (keyname); perror (keyname); goto end; goto end; } } } } if (!outfile) BIO_set_fp (out, stdout, BIO_NOCLOSE); if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE); else { else out = BIO_new_file(outfile, "wb"); if (BIO_write_filename (out, outfile) <= 0) { if (!out) { BIO_printf(bio_err, "Error opening output file %s\n", outfile ? outfile : "<stdout>"); perror (outfile); perror (outfile); goto end; goto end; } } } if (twopass) { if (twopass) { if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) { if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) { BIO_printf (bio_err, "Can't read Password\n"); BIO_printf (bio_err, "Can't read Password\n"); goto end; goto end; } } Loading 
@@ -285,13 +285,12 @@ if (export_cert) { PKCS12_SAFEBAG *bag; PKCS12_SAFEBAG *bag; PKCS8_PRIV_KEY_INFO *p8; PKCS8_PRIV_KEY_INFO *p8; PKCS7 *authsafe; PKCS7 *authsafe; X509 *cert, *ucert = NULL; X509 *cert = NULL, *ucert = NULL; STACK_OF(X509) *certs; STACK_OF(X509) *certs; char *catmp; char *catmp; int i, pmatch = 0; int i; unsigned char keyid[EVP_MAX_MD_SIZE]; unsigned char keyid[EVP_MAX_MD_SIZE]; unsigned int keyidlen; unsigned int keyidlen = 0; /* Get private key so we can match it to a certificate */ key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, NULL); key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, NULL); if (!inkey) (void) BIO_reset(in); if (!inkey) (void) BIO_reset(in); if (!key) { if (!key) { Loading @@ -309,6 +308,19 @@ if (export_cert) { goto end; goto end; } } for(i = 0; i < sk_X509_num(certs); i++) { ucert = sk_X509_value(certs, i); if(X509_check_private_key(ucert, key)) { X509_digest(cert, EVP_sha1(), keyid, &keyidlen); break; } } if(!keyidlen) { BIO_printf(bio_err, "No certificate matches private key\n"); goto end; } bags = sk_new (NULL); bags = sk_new (NULL); /* Add any more certificates asked for */ /* Add any more certificates asked for */ Loading @@ -321,26 +333,10 @@ if (export_cert) { BIO_free(certsin); BIO_free(certsin); } } /* Find certificate (if any) matching private key */ for(i = 0; i < sk_X509_num(certs); i++) { cert = sk_X509_value(certs, i); if(X509_check_private_key(cert, key)) { ucert = cert; break; } } if(!ucert) { BIO_printf(bio_err, "No certificate matches private key\n"); goto end; } /* If chaining get chain from user cert */ /* If chaining get chain from user cert */ if (chain) { if (chain) { int vret; int vret; STACK_OF(X509) *chain2; STACK_OF(X509) *chain2; vret = get_cert_chain (ucert, &chain2); vret = get_cert_chain (ucert, &chain2); if (vret) { if (vret) { BIO_printf (bio_err, "Error %s getting chain.\n", BIO_printf (bio_err, "Error %s getting chain.\n", Loading 
@@ -358,12 +354,10 @@ if (export_cert) { for(i = 0; i < sk_X509_num(certs); i++) { for(i = 0; i < sk_X509_num(certs); i++) { cert = sk_X509_value(certs, i); cert = sk_X509_value(certs, i); bag = M_PKCS12_x5092certbag(cert); bag = M_PKCS12_x5092certbag(cert); /* If it matches private key mark it */ /* If it matches private key set id */ if(cert == ucert) { if(cert == ucert) { if(name) PKCS12_add_friendlyname(bag, name, -1); if(name) PKCS12_add_friendlyname(bag, name, -1); X509_digest(cert, EVP_sha1(), keyid, &keyidlen); PKCS12_add_localkeyid(bag, keyid, keyidlen); PKCS12_add_localkeyid(bag, keyid, keyidlen); pmatch = 1; } else if((catmp = sk_shift(canames))) } else if((catmp = sk_shift(canames))) PKCS12_add_friendlyname(bag, catmp, -1); PKCS12_add_friendlyname(bag, catmp, -1); sk_push(bags, (char *)bag); sk_push(bags, (char *)bag); Loading Loading @@ -398,7 +392,7 @@ if (export_cert) { cpass, -1, NULL, 0, iter, p8); cpass, -1, NULL, 0, iter, p8); PKCS8_PRIV_KEY_INFO_free(p8); PKCS8_PRIV_KEY_INFO_free(p8); if (name) PKCS12_add_friendlyname (bag, name, -1); if (name) PKCS12_add_friendlyname (bag, name, -1); if(pmatch) PKCS12_add_localkeyid (bag, keyid, keyidlen); PKCS12_add_localkeyid (bag, keyid, keyidlen); bags = sk_new(NULL); bags = sk_new(NULL); sk_push (bags, (char *)bag); sk_push (bags, (char *)bag); /* Turn it into unencrypted safe bag */ /* Turn it into unencrypted safe bag */ Loading Loading
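Review bot: In the matching loop added ahead of `bags = sk_new (NULL);`, the digest is taken over `cert`, which this commit initialises to NULL and which is not assigned until the later bag-building loop; the certificate that actually matched the key is `ucert`. As written, the local key id is derived from a null pointer rather than from the matching certificate, so the export path will most likely crash, or, if the digest call fails cleanly, leave `keyidlen` at 0 and report "No certificate matches private key" for a valid key/certificate pair. The call should read `X509_digest(ucert, EVP_sha1(), keyid, &keyidlen);`, and its return value is worth checking before the `break`, since `keyidlen` is now the only signal that a match was found. Separately, the new key-file error string reads "Can't key certificate file %s"; it presumably should be `"Can't open key file %s\n"`. The enclosing `if (export_cert)` block starts and ends outside the hunks shown.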
apps/pkcs12.c +40 −46 Original line number Original line Diff line number Diff line Loading @@ -238,42 +238,42 @@ int MAIN(int argc, char **argv) ERR_load_crypto_strings(); ERR_load_crypto_strings(); in = BIO_new (BIO_s_file()); if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE); out = BIO_new (BIO_s_file()); else in = BIO_new_file(infile, "rb"); if (!in) { if (!infile) BIO_set_fp (in, stdin, BIO_NOCLOSE); BIO_printf(bio_err, "Error opening input file %s\n", else { infile ? infile : "<stdin>"); if (BIO_read_filename (in, infile) <= 0) { perror (infile); perror (infile); goto end; goto end; } } } if (certfile) { if (certfile) { certsin = BIO_new (BIO_s_file()); if(!(certsin = BIO_new_file(certfile, "r"))) { if (BIO_read_filename (certsin, certfile) <= 0) { BIO_printf(bio_err, "Can't open certificate file %s\n", certfile); perror (certfile); perror (certfile); goto end; goto end; } } } } if (keyname) { if (keyname) { inkey = BIO_new (BIO_s_file()); if(!(inkey = BIO_new_file(keyname, "r"))) { if (BIO_read_filename (inkey, keyname) <= 0) { BIO_printf(bio_err, "Can't key certificate file %s\n", keyname); perror (keyname); perror (keyname); goto end; goto end; } } } } if (!outfile) BIO_set_fp (out, stdout, BIO_NOCLOSE); if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE); else { else out = BIO_new_file(outfile, "wb"); if (BIO_write_filename (out, outfile) <= 0) { if (!out) { BIO_printf(bio_err, "Error opening output file %s\n", outfile ? outfile : "<stdout>"); perror (outfile); perror (outfile); goto end; goto end; } } } if (twopass) { if (twopass) { if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) { if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) { BIO_printf (bio_err, "Can't read Password\n"); BIO_printf (bio_err, "Can't read Password\n"); goto end; goto end; } } Loading 
@@ -285,13 +285,12 @@ if (export_cert) { PKCS12_SAFEBAG *bag; PKCS12_SAFEBAG *bag; PKCS8_PRIV_KEY_INFO *p8; PKCS8_PRIV_KEY_INFO *p8; PKCS7 *authsafe; PKCS7 *authsafe; X509 *cert, *ucert = NULL; X509 *cert = NULL, *ucert = NULL; STACK_OF(X509) *certs; STACK_OF(X509) *certs; char *catmp; char *catmp; int i, pmatch = 0; int i; unsigned char keyid[EVP_MAX_MD_SIZE]; unsigned char keyid[EVP_MAX_MD_SIZE]; unsigned int keyidlen; unsigned int keyidlen = 0; /* Get private key so we can match it to a certificate */ key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, NULL); key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, NULL); if (!inkey) (void) BIO_reset(in); if (!inkey) (void) BIO_reset(in); if (!key) { if (!key) { Loading @@ -309,6 +308,19 @@ if (export_cert) { goto end; goto end; } } for(i = 0; i < sk_X509_num(certs); i++) { ucert = sk_X509_value(certs, i); if(X509_check_private_key(ucert, key)) { X509_digest(cert, EVP_sha1(), keyid, &keyidlen); break; } } if(!keyidlen) { BIO_printf(bio_err, "No certificate matches private key\n"); goto end; } bags = sk_new (NULL); bags = sk_new (NULL); /* Add any more certificates asked for */ /* Add any more certificates asked for */ Loading @@ -321,26 +333,10 @@ if (export_cert) { BIO_free(certsin); BIO_free(certsin); } } /* Find certificate (if any) matching private key */ for(i = 0; i < sk_X509_num(certs); i++) { cert = sk_X509_value(certs, i); if(X509_check_private_key(cert, key)) { ucert = cert; break; } } if(!ucert) { BIO_printf(bio_err, "No certificate matches private key\n"); goto end; } /* If chaining get chain from user cert */ /* If chaining get chain from user cert */ if (chain) { if (chain) { int vret; int vret; STACK_OF(X509) *chain2; STACK_OF(X509) *chain2; vret = get_cert_chain (ucert, &chain2); vret = get_cert_chain (ucert, &chain2); if (vret) { if (vret) { BIO_printf (bio_err, "Error %s getting chain.\n", BIO_printf (bio_err, "Error %s getting chain.\n", Loading 
@@ -358,12 +354,10 @@ if (export_cert) { for(i = 0; i < sk_X509_num(certs); i++) { for(i = 0; i < sk_X509_num(certs); i++) { cert = sk_X509_value(certs, i); cert = sk_X509_value(certs, i); bag = M_PKCS12_x5092certbag(cert); bag = M_PKCS12_x5092certbag(cert); /* If it matches private key mark it */ /* If it matches private key set id */ if(cert == ucert) { if(cert == ucert) { if(name) PKCS12_add_friendlyname(bag, name, -1); if(name) PKCS12_add_friendlyname(bag, name, -1); X509_digest(cert, EVP_sha1(), keyid, &keyidlen); PKCS12_add_localkeyid(bag, keyid, keyidlen); PKCS12_add_localkeyid(bag, keyid, keyidlen); pmatch = 1; } else if((catmp = sk_shift(canames))) } else if((catmp = sk_shift(canames))) PKCS12_add_friendlyname(bag, catmp, -1); PKCS12_add_friendlyname(bag, catmp, -1); sk_push(bags, (char *)bag); sk_push(bags, (char *)bag); Loading Loading @@ -398,7 +392,7 @@ if (export_cert) { cpass, -1, NULL, 0, iter, p8); cpass, -1, NULL, 0, iter, p8); PKCS8_PRIV_KEY_INFO_free(p8); PKCS8_PRIV_KEY_INFO_free(p8); if (name) PKCS12_add_friendlyname (bag, name, -1); if (name) PKCS12_add_friendlyname (bag, name, -1); if(pmatch) PKCS12_add_localkeyid (bag, keyid, keyidlen); PKCS12_add_localkeyid (bag, keyid, keyidlen); bags = sk_new(NULL); bags = sk_new(NULL); sk_push (bags, (char *)bag); sk_push (bags, (char *)bag); /* Turn it into unencrypted safe bag */ /* Turn it into unencrypted safe bag */ Loading