Pass phrase reorganisation.
This commit is contained in:
parent
bd03b99b9b
commit
a3fe382e2d
8
CHANGES
8
CHANGES
@ -4,6 +4,14 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
*) Reorganise password command line arguments: now passwords can be
obtained from various sources. Delete the PEM_cb function and make
it the default behaviour: i.e. if the callback is NULL and the
usrdata argument is not NULL interpret it as a null terminated pass
phrase. If usrdata and the callback are NULL then the pass phrase
is prompted for as usual.
[Steve Henson]
*) Add support for the Compaq Atalla crypto accelerator. If it is installed,
the support is automatically enabled. The resulting binaries will
autodetect the card and use it if present.
76
apps/apps.c
76
apps/apps.c
@ -325,6 +325,7 @@ int app_init(long mesgwin)
}
#endif
int dump_cert_text (BIO *out, X509 *x)
{
char buf[256];
@ -338,3 +339,78 @@ int dump_cert_text (BIO *out, X509 *x)
BIO_puts(out,"\n");
return 0;
}
static char *app_get_pass(BIO *err, char *arg, int keepbio);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
|
||||
{
|
||||
int same;
|
||||
if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
|
||||
else same = 1;
|
||||
if(arg1) {
|
||||
*pass1 = app_get_pass(err, arg1, same);
|
||||
if(!*pass1) return 0;
|
||||
} else if(pass1) *pass1 = NULL;
|
||||
if(arg2) {
|
||||
*pass2 = app_get_pass(err, arg2, same ? 2 : 0);
|
||||
if(!*pass2) return 0;
|
||||
} else if(pass2) *pass2 = NULL;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static char *app_get_pass(BIO *err, char *arg, int keepbio)
|
||||
{
|
||||
char *tmp, tpass[APP_PASS_LEN];
|
||||
static BIO *pwdbio = NULL;
|
||||
int i;
|
||||
if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
|
||||
if(!strncmp(arg, "env:", 4)) {
|
||||
tmp = getenv(arg + 4);
|
||||
if(!tmp) {
|
||||
BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
|
||||
return NULL;
|
||||
}
|
||||
return BUF_strdup(tmp);
|
||||
}
|
||||
if(!keepbio || !pwdbio) {
|
||||
if(!strncmp(arg, "file:", 5)) {
|
||||
pwdbio = BIO_new_file(arg + 5, "r");
|
||||
if(!pwdbio) {
|
||||
BIO_printf(err, "Can't open file %s\n", arg + 5);
|
||||
return NULL;
|
||||
}
|
||||
} else if(!strncmp(arg, "fd:", 3)) {
|
||||
BIO *btmp;
|
||||
i = atoi(arg + 3);
|
||||
if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
|
||||
if((i < 0) || !pwdbio) {
|
||||
BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
|
||||
return NULL;
|
||||
}
|
||||
/* Can't do BIO_gets on an fd BIO so add a buffering BIO */
|
||||
btmp = BIO_new(BIO_f_buffer());
|
||||
pwdbio = BIO_push(btmp, pwdbio);
|
||||
} else if(!strcmp(arg, "stdin")) {
|
||||
pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
|
||||
if(!pwdbio) {
|
||||
BIO_printf(err, "Can't open BIO for stdin\n");
|
||||
return NULL;
|
||||
}
|
||||
} else {
|
||||
BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
|
||||
if(keepbio != 1) {
|
||||
BIO_free_all(pwdbio);
|
||||
pwdbio = NULL;
|
||||
}
|
||||
if(i <= 0) {
|
||||
BIO_printf(err, "Error reading password from BIO\n");
|
||||
return NULL;
|
||||
}
|
||||
tmp = strchr(tpass, '\n');
|
||||
if(tmp) *tmp = 0;
|
||||
return BUF_strdup(tpass);
|
||||
}
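Review bot: app_get_pass leaves the pass phrase sitting in the stack buffer `tpass` after duplicating it on the last line of the function, while the CA key hunk further down this commit wipes its pass phrase with `memset(key,0,strlen(key))` before dropping it, so the tail should do the same: `tmp = BUF_strdup(tpass); memset(tpass, 0, sizeof(tpass)); return tmp;`. Two smaller points in the same function: `i = atoi(arg + 3)` accepts `fd:junk` as descriptor 0 because atoi cannot report an error, so a strtol with an end-pointer check would be safer, and a line longer than APP_PASS_LEN-1 bytes is silently truncated by BIO_gets with the remainder left in the BIO, where a same-source second read (keepbio == 2) picks it up as the second pass phrase. The keepbio protocol (1 = keep the BIO open for a second read, 2 = second read then free, 0 = one-shot) is encoded only in app_passwd's `same ? 2 : 0` and deserves a comment above app_get_pass, e.g. `/* keepbio: 0 one-shot, 1 keep pwdbio open for a following read, 2 read from the kept pwdbio then free it */`.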
|
||||
|
@ -145,10 +145,13 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
|
||||
#ifdef HEADER_X509_H
|
||||
int dump_cert_text(BIO *out, X509 *x);
|
||||
#endif
|
||||
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
|
||||
#define FORMAT_UNDEF 0
|
||||
#define FORMAT_ASN1 1
|
||||
#define FORMAT_TEXT 2
|
||||
#define FORMAT_PEM 3
|
||||
#define FORMAT_NETSCAPE 4
|
||||
|
||||
#define APP_PASS_LEN 1024
|
||||
|
||||
#endif
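Review bot: The new `app_passwd` prototype carries no description of its contract, and the argument syntax it accepts (`pass:`, `env:`, `file:`, `fd:`, `stdin`) is only discoverable by reading apps.c. A short comment above the declaration should state that arg1/arg2 are pass phrase sources in that syntax, that *pass1/*pass2 receive freshly allocated strings the caller must Free (or NULL when the corresponding arg is NULL), that the function returns 1 on success and 0 after printing a diagnostic to err, and that when both args name the same file, fd or stdin source the two pass phrases are read as consecutive lines. It is also worth a one-line note next to `APP_PASS_LEN` that it bounds a single BIO_gets line, so pass phrases read from file/fd/stdin are truncated at 1023 bytes, e.g. `#define APP_PASS_LEN 1024 /* max line read for file:/fd:/stdin pass phrase sources */`.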
|
||||
|
@ -533,7 +533,7 @@ bad:
|
||||
BIO_printf(bio_err,"trying to load CA private key\n");
|
||||
goto err;
|
||||
}
|
||||
pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,key);
|
||||
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
|
||||
if(key) memset(key,0,strlen(key));
|
||||
if (pkey == NULL)
|
||||
{
|
||||
|
50
apps/dsa.c
50
apps/dsa.c
@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
|
||||
int informat,outformat,text=0,noout=0;
|
||||
int pubin = 0, pubout = 0;
|
||||
char *infile,*outfile,*prog;
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
int modulus=0;
|
||||
|
||||
@ -137,34 +138,12 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"-passin") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
passin= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-envpassin") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if(!(passin= getenv(*(++argv))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
badops = 1;
|
||||
}
|
||||
}
|
||||
else if (strcmp(*argv,"-envpassout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if(!(passout= getenv(*(++argv))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
badops = 1;
|
||||
}
|
||||
passargin= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-passout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
passout= *(++argv);
|
||||
passargout= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-noout") == 0)
|
||||
noout=1;
|
||||
@ -194,11 +173,9 @@ bad:
|
||||
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
|
||||
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
|
||||
BIO_printf(bio_err," -in arg input file\n");
|
||||
BIO_printf(bio_err," -passin arg input file pass phrase\n");
|
||||
BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
|
||||
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
|
||||
BIO_printf(bio_err," -out arg output file\n");
|
||||
BIO_printf(bio_err," -passout arg output file pass phrase\n");
|
||||
BIO_printf(bio_err," -envpassout arg environment variable containing output file pass phrase\n");
|
||||
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
|
||||
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
|
||||
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
|
||||
#ifndef NO_IDEA
|
||||
@ -212,6 +189,11 @@ bad:
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
out=BIO_new(BIO_s_file());
|
||||
if ((in == NULL) || (out == NULL))
|
||||
@ -237,7 +219,7 @@ bad:
|
||||
else dsa=d2i_DSAPrivateKey_bio(in,NULL);
|
||||
} else if (informat == FORMAT_PEM) {
|
||||
if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
|
||||
else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,PEM_cb,passin);
|
||||
else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
|
||||
} else
|
||||
{
|
||||
BIO_printf(bio_err,"bad input format specified for key\n");
|
||||
@ -285,7 +267,7 @@ bad:
|
||||
if(pubin || pubout)
|
||||
i=PEM_write_bio_DSA_PUBKEY(out,dsa);
|
||||
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
|
||||
NULL,0,PEM_cb, passout);
|
||||
NULL,0,NULL, passout);
|
||||
} else {
|
||||
BIO_printf(bio_err,"bad output format specified for outfile\n");
|
||||
goto end;
|
||||
@ -298,9 +280,11 @@ bad:
|
||||
else
|
||||
ret=0;
|
||||
end:
|
||||
if (in != NULL) BIO_free(in);
|
||||
if (out != NULL) BIO_free(out);
|
||||
if (dsa != NULL) DSA_free(dsa);
|
||||
if(in != NULL) BIO_free(in);
|
||||
if(out != NULL) BIO_free(out);
|
||||
if(dsa != NULL) DSA_free(dsa);
|
||||
if(passin) Free(passin);
|
||||
if(passout) Free(passout);
|
||||
EXIT(ret);
|
||||
}
|
||||
#endif
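Review bot: The new `if(passin) Free(passin);` and `if(passout) Free(passout);` lines at `end:` release heap copies of the pass phrases without clearing them first, whereas the CA key hunk in this same commit clears its pass phrase with `memset(key,0,strlen(key))` before it is dropped. The cleanup here should wipe before freeing, e.g. `if(passin) { memset(passin, 0, strlen(passin)); Free(passin); }` and the same for passout. Since every converted tool repeats these two lines, a small wipe-and-free helper next to app_passwd in apps.c would avoid copying the pattern into dsa.c, rsa.c, pkcs8.c, req.c and the others.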
|
||||
|
@ -81,7 +81,7 @@ int MAIN(int argc, char **argv)
|
||||
int ret=1;
|
||||
char *outfile=NULL;
|
||||
char *inrand=NULL,*dsaparams=NULL;
|
||||
char *passout = NULL;
|
||||
char *passargout = NULL, *passout = NULL;
|
||||
BIO *out=NULL,*in=NULL;
|
||||
EVP_CIPHER *enc=NULL;
|
||||
|
||||
@ -101,21 +101,10 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
outfile= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-envpassout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if(!(passout= getenv(*(++argv))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
goto bad;
|
||||
}
|
||||
}
|
||||
else if (strcmp(*argv,"-passout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
passout= *(++argv);
|
||||
passargout= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-rand") == 0)
|
||||
{
|
||||
@ -164,6 +153,12 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
if (!(BIO_read_filename(in,dsaparams)))
|
||||
{
|
||||
@ -207,7 +202,7 @@ bad:
|
||||
|
||||
app_RAND_write_file(NULL, bio_err);
|
||||
|
||||
if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,PEM_cb, passout))
|
||||
if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))
|
||||
goto end;
|
||||
ret=0;
|
||||
end:
|
||||
@ -216,6 +211,7 @@ end:
|
||||
if (in != NULL) BIO_free(in);
|
||||
if (out != NULL) BIO_free(out);
|
||||
if (dsa != NULL) DSA_free(dsa);
|
||||
if(passout) Free(passout);
|
||||
EXIT(ret);
|
||||
}
|
||||
#endif
|
||||
|
@ -87,7 +87,7 @@ int MAIN(int argc, char **argv)
|
||||
EVP_CIPHER *enc=NULL;
|
||||
unsigned long f4=RSA_F4;
|
||||
char *outfile=NULL;
|
||||
char *passout = NULL;
|
||||
char *passargout = NULL, *passout = NULL;
|
||||
char *inrand=NULL;
|
||||
BIO *out=NULL;
|
||||
|
||||
@ -131,21 +131,10 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"-idea") == 0)
|
||||
enc=EVP_idea_cbc();
|
||||
#endif
|
||||
else if (strcmp(*argv,"-envpassout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if(!(passout= getenv(*(++argv))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
goto bad;
|
||||
}
|
||||
}
|
||||
else if (strcmp(*argv,"-passout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
passout= *(++argv);
|
||||
passargout= *(++argv);
|
||||
}
|
||||
else
|
||||
break;
|
||||
@ -162,8 +151,7 @@ bad:
|
||||
BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -out file output the key to 'file\n");
|
||||
BIO_printf(bio_err," -passout arg output file pass phrase\n");
|
||||
BIO_printf(bio_err," -envpassout arg environment variable containing output file pass phrase\n");
|
||||
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
|
||||
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
|
||||
BIO_printf(bio_err," -3 use 3 for the E value\n");
|
||||
BIO_printf(bio_err," -rand file:file:...\n");
|
||||
@ -173,6 +161,12 @@ bad:
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (outfile == NULL)
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
else
|
||||
@ -212,13 +206,14 @@ bad:
|
||||
l+=rsa->e->d[i];
|
||||
}
|
||||
BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
|
||||
if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,PEM_cb, passout))
|
||||
if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL, passout))
|
||||
goto err;
|
||||
|
||||
ret=0;
|
||||
err:
|
||||
if (rsa != NULL) RSA_free(rsa);
|
||||
if (out != NULL) BIO_free(out);
|
||||
if(passout) Free(passout);
|
||||
if (ret != 0)
|
||||
ERR_print_errors(bio_err);
|
||||
EXIT(ret);
|
||||
|
@ -113,6 +113,7 @@ int MAIN(int argc, char **argv)
|
||||
int noprompt = 0;
|
||||
STACK *canames = NULL;
|
||||
char *cpass = NULL, *mpass = NULL;
|
||||
char *passargin = NULL, *passargout = NULL, *passarg = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
char *inrand = NULL;
|
||||
|
||||
@ -210,46 +211,17 @@ int MAIN(int argc, char **argv)
|
||||
} else if (!strcmp(*args,"-passin")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
passin = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp(*args,"-envpassin")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
if(!(passin= getenv(*args))) {
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*args);
|
||||
badarg = 1;
|
||||
}
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp(*args,"-envpassout")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
if(!(passout= getenv(*args))) {
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*args);
|
||||
badarg = 1;
|
||||
}
|
||||
passargin = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp(*args,"-passout")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
passout = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-envpass")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
if(!(cpass = getenv(*args))) {
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n", *args);
|
||||
goto end;
|
||||
}
|
||||
passargout = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-password")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
cpass = *args;
|
||||
passarg = *args;
|
||||
noprompt = 1;
|
||||
} else badarg = 1;
|
||||
} else badarg = 1;
|
||||
@ -290,18 +262,25 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
|
||||
BIO_printf (bio_err, "-keyex set MS key exchange type\n");
|
||||
BIO_printf (bio_err, "-keysig set MS key signature type\n");
|
||||
BIO_printf (bio_err, "-password p set import/export password (NOT RECOMMENDED)\n");
|
||||
BIO_printf (bio_err, "-envpass p set import/export password from environment\n");
|
||||
BIO_printf (bio_err, "-passin p input file pass phrase\n");
|
||||
BIO_printf (bio_err, "-envpassin p environment variable containing input file pass phrase\n");
|
||||
BIO_printf (bio_err, "-passout p output file pass phrase\n");
|
||||
BIO_printf (bio_err, "-envpassout p environment variable containing output file pass phrase\n");
|
||||
BIO_printf (bio_err, "-password p set import/export password source\n");
|
||||
BIO_printf (bio_err, "-passin p input file pass phrase source\n");
|
||||
BIO_printf (bio_err, "-passout p output file pass phrase source\n");
|
||||
BIO_printf(bio_err, "-rand file:file:...\n");
|
||||
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err, " the random number generator\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if(passarg) {
|
||||
if(export_cert) passargout = passarg;
|
||||
else passargin = passarg;
|
||||
}
|
||||
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if(!cpass) {
|
||||
if(export_cert) cpass = passout;
|
||||
else cpass = passin;
|
||||
@ -395,7 +374,7 @@ int MAIN(int argc, char **argv)
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_push_info("process -export_cert");
|
||||
#endif
|
||||
key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, PEM_cb, passin);
|
||||
key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
|
||||
if (!inkey) (void) BIO_reset(in);
|
||||
else BIO_free(inkey);
|
||||
if (!key) {
|
||||
@ -579,6 +558,8 @@ int MAIN(int argc, char **argv)
|
||||
#endif
|
||||
BIO_free(in);
|
||||
BIO_free(out);
|
||||
if(passin) Free(passin);
|
||||
if(passout) Free(passout);
|
||||
EXIT(ret);
|
||||
}
|
||||
|
||||
@ -643,7 +624,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
|
||||
p8 = bag->value.keybag;
|
||||
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
|
||||
print_attribs (out, p8->attributes, "Key Attributes");
|
||||
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, PEM_cb, pempass);
|
||||
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
|
||||
EVP_PKEY_free(pkey);
|
||||
break;
|
||||
|
||||
@ -659,7 +640,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
|
||||
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
|
||||
print_attribs (out, p8->attributes, "Key Attributes");
|
||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, PEM_cb, pempass);
|
||||
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
|
||||
EVP_PKEY_free(pkey);
|
||||
break;
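Review bot: The rewritten usage line for `-password` drops the old "(NOT RECOMMENDED)" warning even though the `pass:` form of the new argument still places the secret on the command line, where on most systems other local users can read it from the process list; something like `BIO_printf (bio_err, "-password p set import/export password source (pass: form is visible to other users)\n");` keeps the caution. Separately, the new block `if(passarg) { if(export_cert) passargout = passarg; else passargin = passarg; }` silently overrides a `-passin` or `-passout` given on the same command line; either reject the combination with an error or state the precedence in the usage text. The `if(!cpass)` block at the end of that hunk, and MAIN itself, continue outside the hunk.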
|
||||
|
||||
|
44
apps/pkcs8.c
44
apps/pkcs8.c
@ -71,6 +71,7 @@ int MAIN(int, char **);
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
char **args, *infile = NULL, *outfile = NULL;
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
int topk8 = 0;
|
||||
int pbe_nid = -1;
|
||||
@ -130,34 +131,12 @@ int MAIN(int argc, char **argv)
|
||||
else if (!strcmp(*args,"-passin"))
|
||||
{
|
||||
if (!args[1]) goto bad;
|
||||
passin= *(++args);
|
||||
}
|
||||
else if (!strcmp(*args,"-envpassin"))
|
||||
{
|
||||
if (!args[1]) goto bad;
|
||||
if(!(passin= getenv(*(++args))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*args);
|
||||
badarg = 1;
|
||||
}
|
||||
}
|
||||
else if (strcmp(*args,"-envpassout") == 0)
|
||||
{
|
||||
if (!args[1]) goto bad;
|
||||
if(!(passout= getenv(*(++args))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*args);
|
||||
badarg = 1;
|
||||
}
|
||||
passargin= *(++args);
|
||||
}
|
||||
else if (!strcmp(*args,"-passout"))
|
||||
{
|
||||
if (!args[1]) goto bad;
|
||||
passout= *(++args);
|
||||
passargout= *(++args);
|
||||
}
|
||||
else if (!strcmp (*args, "-in")) {
|
||||
if (args[1]) {
|
||||
@ -179,12 +158,10 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "where options are\n");
|
||||
BIO_printf(bio_err, "-in file input file\n");
|
||||
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
|
||||
BIO_printf(bio_err, "-passin arg input file pass phrase\n");
|
||||
BIO_printf(bio_err, "-envpassin arg environment variable containing input file pass phrase\n");
|
||||
BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
|
||||
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
|
||||
BIO_printf(bio_err, "-out file output file\n");
|
||||
BIO_printf(bio_err, "-passout arg output file pass phrase\n");
|
||||
BIO_printf(bio_err, "-envpassout arg environment variable containing outut file pass phrase\n");
|
||||
BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
|
||||
BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
|
||||
BIO_printf(bio_err, "-nooct use (nonstandard) no octet format\n");
|
||||
BIO_printf(bio_err, "-embed use (nonstandard) embedded DSA parameters format\n");
|
||||
@ -196,6 +173,11 @@ int MAIN(int argc, char **argv)
|
||||
return (1);
|
||||
}
|
||||
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
return (1);
|
||||
}
|
||||
|
||||
if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;
|
||||
|
||||
if (infile) {
|
||||
@ -216,7 +198,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (topk8) {
|
||||
if(informat == FORMAT_PEM)
|
||||
pkey = PEM_read_bio_PrivateKey(in, NULL, PEM_cb, passin);
|
||||
pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
|
||||
else if(informat == FORMAT_ASN1)
|
||||
pkey = d2i_PrivateKey_bio(in, NULL);
|
||||
else {
|
||||
@ -339,7 +321,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||
if(outformat == FORMAT_PEM)
|
||||
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, PEM_cb, passout);
|
||||
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
|
||||
else if(outformat == FORMAT_ASN1)
|
||||
i2d_PrivateKey_bio(out, pkey);
|
||||
else {
|
||||
@ -350,6 +332,8 @@ int MAIN(int argc, char **argv)
|
||||
EVP_PKEY_free(pkey);
|
||||
BIO_free(out);
|
||||
BIO_free(in);
|
||||
if(passin) Free(passin);
|
||||
if(passout) Free(passout);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
38
apps/req.c
38
apps/req.c
@ -156,6 +156,7 @@ int MAIN(int argc, char **argv)
|
||||
char *req_exts = NULL;
|
||||
EVP_CIPHER *cipher=NULL;
|
||||
int modulus=0;
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
char *p;
|
||||
const EVP_MD *md_alg=NULL,*digest=EVP_md5();
|
||||
@ -231,34 +232,12 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"-passin") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
passin= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-envpassin") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if(!(passin= getenv(*(++argv))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
badops = 1;
|
||||
}
|
||||
}
|
||||
else if (strcmp(*argv,"-envpassout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if(!(passout= getenv(*(++argv))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
badops = 1;
|
||||
}
|
||||
passargin= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-passout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
passout= *(++argv);
|
||||
passargout= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-newkey") == 0)
|
||||
{
|
||||
@ -401,13 +380,16 @@ bad:
|
||||
BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n");
|
||||
BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
|
||||
BIO_printf(bio_err," have been reported as requiring\n");
|
||||
BIO_printf(bio_err," [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
|
||||
BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
|
||||
BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef MONOLITH /* else this has happened in openssl.c (global `config') */
|
||||
/* Lets load up our environment a little */
|
||||
@ -540,7 +522,7 @@ bad:
|
||||
pkey=d2i_PrivateKey_bio(in,NULL);
|
||||
else if (keyform == FORMAT_PEM)
|
||||
{
|
||||
pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,passin);
|
||||
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -629,7 +611,7 @@ bad:
|
||||
i=0;
|
||||
loop:
|
||||
if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
|
||||
NULL,0,PEM_cb,passout))
|
||||
NULL,0,NULL,passout))
|
||||
{
|
||||
if ((ERR_GET_REASON(ERR_peek_error()) ==
|
||||
PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
|
||||
@ -892,6 +874,8 @@ end:
|
||||
EVP_PKEY_free(pkey);
|
||||
X509_REQ_free(req);
|
||||
X509_free(x509ss);
|
||||
if(passin) Free(passin);
|
||||
if(passout) Free(passout);
|
||||
OBJ_cleanup();
|
||||
#ifndef NO_DSA
|
||||
if (dsa_params != NULL) DSA_free(dsa_params);
|
||||
|
50
apps/rsa.c
50
apps/rsa.c
@ -98,6 +98,7 @@ int MAIN(int argc, char **argv)
|
||||
int informat,outformat,text=0,check=0,noout=0;
|
||||
int pubin = 0, pubout = 0;
|
||||
char *infile,*outfile,*prog;
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
int modulus=0;
|
||||
|
||||
@ -140,34 +141,12 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"-passin") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
passin= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-envpassin") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if(!(passin= getenv(*(++argv))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
badops = 1;
|
||||
}
|
||||
}
|
||||
else if (strcmp(*argv,"-envpassout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if(!(passout= getenv(*(++argv))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
badops = 1;
|
||||
}
|
||||
passargin= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-passout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
passout= *(++argv);
|
||||
passargout= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-pubin") == 0)
|
||||
pubin=1;
|
||||
@ -199,12 +178,10 @@ bad:
|
||||
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
|
||||
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
|
||||
BIO_printf(bio_err," -in arg input file\n");
|
||||
BIO_printf(bio_err," -passin arg input file pass phrase\n");
|
||||
BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
|
||||
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
|
||||
BIO_printf(bio_err," -in arg input file\n");
|
||||
BIO_printf(bio_err," -out arg output file\n");
|
||||
BIO_printf(bio_err," -passout arg output file pass phrase\n");
|
||||
BIO_printf(bio_err," -envpassout arg environment variable containing output file pass phrase\n");
|
||||
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
|
||||
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
|
||||
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
|
||||
#ifndef NO_IDEA
|
||||
@ -221,6 +198,11 @@ bad:
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if(check && pubin) {
|
||||
BIO_printf(bio_err, "Only private keys can be checked\n");
|
||||
goto end;
|
||||
@ -279,7 +261,7 @@ bad:
|
||||
#endif
|
||||
else if (informat == FORMAT_PEM) {
|
||||
if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
|
||||
else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, PEM_cb,passin);
|
||||
else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, NULL,passin);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -379,7 +361,7 @@ bad:
|
||||
if(pubout || pubin)
|
||||
i=PEM_write_bio_RSA_PUBKEY(out,rsa);
|
||||
else i=PEM_write_bio_RSAPrivateKey(out,rsa,
|
||||
enc,NULL,0,PEM_cb,passout);
|
||||
enc,NULL,0,NULL,passout);
|
||||
} else {
|
||||
BIO_printf(bio_err,"bad output format specified for outfile\n");
|
||||
goto end;
|
||||
@ -392,9 +374,11 @@ bad:
|
||||
else
|
||||
ret=0;
|
||||
end:
|
||||
if (in != NULL) BIO_free(in);
|
||||
if (out != NULL) BIO_free(out);
|
||||
if (rsa != NULL) RSA_free(rsa);
|
||||
if(in != NULL) BIO_free(in);
|
||||
if(out != NULL) BIO_free(out);
|
||||
if(rsa != NULL) RSA_free(rsa);
|
||||
if(passin) Free(passin);
|
||||
if(passout) Free(passout);
|
||||
EXIT(ret);
|
||||
}
|
||||
#else /* !NO_RSA */
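Review bot: The usage text on the new side prints `-in arg input file` twice, once before `-passin` and again just before `-out arg output file`; the second copy appears to be pre-existing context rather than something this commit added, but it should be dropped while the option list is being rewritten. Otherwise the rsa.c conversion mirrors dsa.c, including freeing `passin`/`passout` at `end:` without clearing them first.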
|
||||
|
23
apps/smime.c
23
apps/smime.c
@ -101,7 +101,8 @@ int MAIN(int argc, char **argv)
|
||||
int badarg = 0;
|
||||
int flags = PKCS7_DETACHED;
|
||||
char *to = NULL, *from = NULL, *subject = NULL;
|
||||
char *CAfile = NULL, *CApath = NULL, *passin = NULL;
|
||||
char *CAfile = NULL, *CApath = NULL;
|
||||
char *passargin = NULL, *passin = NULL;
|
||||
char *inrand = NULL;
|
||||
int need_rand = 0;
|
||||
args = argv + 1;
|
||||
@ -155,17 +156,7 @@ int MAIN(int argc, char **argv)
|
||||
} else if (!strcmp(*args,"-passin")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
passin = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp(*argv,"-envpassin")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
if(!(passin= getenv(*args))) {
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*args);
|
||||
badarg = 1;
|
||||
}
|
||||
passargin = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-to")) {
|
||||
if (args[1]) {
|
||||
@ -288,6 +279,11 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (need_rand) {
|
||||
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
|
||||
if (inrand != NULL)
|
||||
@ -536,6 +532,7 @@ end:
|
||||
BIO_free(in);
|
||||
BIO_free(indata);
|
||||
BIO_free(out);
|
||||
if(passin) Free(passin);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
@ -554,7 +551,7 @@ static EVP_PKEY *load_key(char *file, char *pass)
|
||||
BIO *in;
|
||||
EVP_PKEY *key;
|
||||
if(!(in = BIO_new_file(file, "r"))) return NULL;
|
||||
key = PEM_read_bio_PrivateKey(in, NULL,PEM_cb,pass);
|
||||
key = PEM_read_bio_PrivateKey(in, NULL,NULL,pass);
|
||||
BIO_free(in);
|
||||
return key;
|
||||
}
|
||||
|
26
apps/spkac.c
26
apps/spkac.c
@ -82,7 +82,8 @@ int MAIN(int argc, char **argv)
|
||||
int i,badops=0, ret = 1;
|
||||
BIO *in = NULL,*out = NULL, *key = NULL;
|
||||
int verify=0,noout=0,pubkey=0;
|
||||
char *infile = NULL,*outfile = NULL,*prog, *passin = NULL;
|
||||
char *infile = NULL,*outfile = NULL,*prog;
|
||||
char *passargin = NULL, *passin = NULL;
|
||||
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
|
||||
char *challenge = NULL, *keyfile = NULL;
|
||||
LHASH *conf = NULL;
|
||||
@ -111,18 +112,7 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"-passin") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
passin= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-envpassin") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if(!(passin= getenv(*(++argv))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
badops = 1;
|
||||
}
|
||||
passargin= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-key") == 0)
|
||||
{
|
||||
@ -163,8 +153,7 @@ bad:
|
||||
BIO_printf(bio_err," -in arg input file\n");
|
||||
BIO_printf(bio_err," -out arg output file\n");
|
||||
BIO_printf(bio_err," -key arg create SPKAC using private key\n");
|
||||
BIO_printf(bio_err," -passin arg input file pass phrase\n");
|
||||
BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
|
||||
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
|
||||
BIO_printf(bio_err," -challenge arg challenge string\n");
|
||||
BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
|
||||
BIO_printf(bio_err," -noout don't print SPKAC\n");
|
||||
@ -174,6 +163,10 @@ bad:
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if(keyfile) {
|
||||
if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
|
||||
@ -183,7 +176,7 @@ bad:
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
pkey = PEM_read_bio_PrivateKey(key, NULL, PEM_cb, passin);
|
||||
pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin);
|
||||
if(!pkey) {
|
||||
BIO_printf(bio_err, "Error reading private key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
@ -276,5 +269,6 @@ end:
|
||||
BIO_free(out);
|
||||
BIO_free(key);
|
||||
EVP_PKEY_free(pkey);
|
||||
if(passin) Free(passin);
|
||||
EXIT(ret);
|
||||
}
|
||||
|
26
apps/x509.c
26
apps/x509.c
@ -92,8 +92,7 @@ static char *x509_usage[]={
" -CAkeyform arg - CA key format - default PEM\n",
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -passin arg - private key password\n",
" -envpassin arg - read private key password from environment variable \"arg\"\n",
" -passin arg - private key password source\n",
" -serial - print serial number value\n",
" -hash - print hash value\n",
" -subject - print subject DN\n",
@ -171,7 +170,7 @@ int MAIN(int argc, char **argv)
char buf[256];
const EVP_MD *md_alg,*digest=EVP_md5();
LHASH *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
|
reqfile=0;
@ -240,18 +239,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passin= *(++argv);
}
else if (strcmp(*argv,"-envpassin") == 0)
{
if (--argc < 1) goto bad;
if(!(passin= getenv(*(++argv))))
{
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*argv);
badops = 1;
}
passargin= *(++argv);
}
else if (strcmp(*argv,"-extfile") == 0)
{
@ -404,6 +392,11 @@ bad:
|
ERR_load_crypto_strings();
|
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
|
if (!X509_STORE_set_default_paths(ctx))
{
ERR_print_errors(bio_err);
@ -882,6 +875,7 @@ end:
X509_REQ_free(rq);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
if(passin) Free(passin);
EXIT(ret);
}
|
@ -1101,7 +1095,7 @@ static EVP_PKEY *load_key(char *file, int format, char *passin)
#endif
if (format == FORMAT_PEM)
{
pkey=PEM_read_bio_PrivateKey(key,NULL,PEM_cb,passin);
pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,passin);
}
else
{
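Review bot: The pass phrase that app_passwd hands back in `passin` is released at the `end:` label with `if(passin) Free(passin);` but is never cleared first, so the plaintext phrase stays in freed heap memory for the rest of the process and in any core file; wiping it before release, `if(passin) { memset(passin, 0, strlen(passin)); Free(passin); }`, costs nothing here (a plain memset directly before a free may be optimised away, so a non-elidable clearing helper is preferable if the tree has one). The same free-without-wipe appears in the `end:` hunk of the first file on this page. The load_key hunk now passes `passin` as the callback user data with a NULL callback, which relies on the default PEM callback treating non-NULL user data as a NUL-terminated phrase; a one-line comment at the call site, `/* NULL cb: passin, if set, is the pass phrase; otherwise the user is prompted */`, would save the next reader a trip to pem_lib.c.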
@ -421,4 +421,4 @@ int ASN1_STRING_type(ASN1_STRING *x)
{ return M_ASN1_STRING_type(x); }
|
unsigned char * ASN1_STRING_data(ASN1_STRING *x)
{ return ASN1_STRING_data(x); }
{ return M_ASN1_STRING_data(x); }
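Review bot: The new body `{ return M_ASN1_STRING_data(x); }` replaces a line on which ASN1_STRING_data called itself, i.e. unbounded recursion for any caller of the non-macro function, which is a genuine bug fix but has nothing to do with the pass phrase reorganisation and is mentioned neither in the commit message nor in the CHANGES entry at the top of this page. It would be far easier to find later as its own commit, or at least as a separate line in CHANGES such as `*) Fix ASN1_STRING_data() recursing into itself instead of expanding the macro.` The file header for this section is not shown on the page, so the file is inferred from the function names only.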
@ -601,9 +601,6 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, vo
|
int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
char *kstr,int klen, pem_password_cb *cd, void *u);
#ifdef MS_CALLBACK
int MS_CALLBACK PEM_cb(char *buf, int len, int verify, void *key);
#endif
|
#endif /* SSLEAY_MACROS */
|
@ -85,7 +85,7 @@ static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
char *kstr, int klen,
pem_password_cb *cb, void *u);
|
static int def_callback(char *buf, int num, int w, void *userdata)
static int def_callback(char *buf, int num, int w, void *key)
{
#ifdef NO_FP_API
/* We should not ever call the default callback routine from
@ -95,6 +95,12 @@ static int def_callback(char *buf, int num, int w, void *userdata)
#else
int i,j;
const char *prompt;
if(key) {
i=strlen(key);
i=(i > num)?num:i;
memcpy(buf,key,i);
return(i);
}
|
prompt=EVP_get_pw_prompt();
if (prompt == NULL)
@ -121,22 +127,6 @@ static int def_callback(char *buf, int num, int w, void *userdata)
#endif
}
|
/* This is a generic callback. If the user data is not NULL it is assumed
* to be a null terminated password. Otherwise the default password callback
* is called.
*/
|
|
int MS_CALLBACK PEM_cb(char *buf, int len, int verify, void *key)
{
int i;
if (key == NULL) return def_callback(buf, len, verify, key);
i=strlen(key);
i=(i > len)?len:i;
memcpy(buf,key,i);
return(i);
}
|
void PEM_proc_type(char *buf, int type)
{
const char *str;
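Review bot: In the `if(key)` branch added to def_callback (its signature sits in the preceding hunk and its closing brace in the following one) a supplied pass phrase longer than `num` is silently clamped by `i=(i > num)?num:i;`, so a key written with an over-long phrase ends up encrypted under a prefix the user never sees and cannot reconstruct from what they typed; rejecting that case instead, `if(i > num) return -1;` before the memcpy, would make it visible, assuming the PEM callers treat a non-positive length as a failed pass phrase read. The comment that described this contract was deleted together with PEM_cb, leaving def_callback undocumented, so a short comment above it saying that non-NULL user data is taken as a NUL-terminated pass phrase and copied without its terminator while NULL user data falls through to the interactive prompt would restore what was lost. `i` is also an `int` receiving a `size_t` from strlen, which only the clamp keeps harmless.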
@ -10,11 +10,9 @@ B<openssl> B<dsa>
|
||||
[B<-inform PEM|DER>]
|
||||
[B<-outform PEM|DER>]
|
||||
[B<-in filename>]
|
||||
[B<-passin password>]
|
||||
[B<-envpassin var>]
|
||||
[B<-passin arg>]
|
||||
[B<-out filename>]
|
||||
[B<-passout password>]
|
||||
[B<-envpassout var>]
|
||||
[B<-passout arg>]
|
||||
[B<-des>]
|
||||
[B<-des3>]
|
||||
[B<-idea>]
|
||||
@ -58,14 +56,10 @@ This specifies the input filename to read a key from or standard input if this
|
||||
option is not specified. If the key is encrypted a pass phrase will be
|
||||
prompted for.
|
||||
|
||||
=item B<-passin password>
|
||||
=item B<-passin arg>
|
||||
|
||||
the input file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassin var>
|
||||
|
||||
read the input file password from the environment variable B<var>.
|
||||
the input file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-out filename>
|
||||
|
||||
@ -74,14 +68,10 @@ is not specified. If any encryption options are set then a pass phrase will be
|
||||
prompted for. The output filename should B<not> be the same as the input
|
||||
filename.
|
||||
|
||||
=item B<-passout password>
|
||||
=item B<-passout arg>
|
||||
|
||||
the output file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassout var>
|
||||
|
||||
read the output file password from the environment variable B<var>.
|
||||
the output file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-des|-des3|-idea>
|
||||
|
||||
|
@ -8,8 +8,7 @@ genrsa - generate an RSA private key
|
||||
|
||||
B<openssl> B<genrsa>
|
||||
[B<-out filename>]
|
||||
[B<-passout password>]
|
||||
[B<-envpassout var>]
|
||||
[B<-passout arg>]
|
||||
[B<-des>]
|
||||
[B<-des3>]
|
||||
[B<-idea>]
|
||||
@ -31,21 +30,17 @@ The B<genrsa> command generates an RSA private key.
|
||||
the output filename. If this argument is not specified then standard output is
|
||||
used.
|
||||
|
||||
=item B<-passout password>
|
||||
=item B<-passout arg>
|
||||
|
||||
the output file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassout var>
|
||||
|
||||
read the output file password from the environment variable B<var>.
|
||||
the output file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-des|-des3|-idea>
|
||||
|
||||
These options encrypt the private key with the DES, triple DES, or the
|
||||
IDEA ciphers respectively before outputting it. If none of these options is
|
||||
specified no encryption is used. If encryption is used a pass phrase is prompted
|
||||
for if it is not supplied via the B<-passout> or B<-envpassout> arguments.
|
||||
for if it is not supplied via the B<-passout> argument.
|
||||
|
||||
=item B<-F4|-3>
|
||||
|
||||
@ -69,9 +64,10 @@ specified. The default is 512.
|
||||
|
||||
RSA private key generation essentially involves the generation of two prime
|
||||
numbers. When generating a private key various symbols will be output to
|
||||
indicate the progress of the generation. A B<.> represents each number tested.
|
||||
A B<+> means a number has passed a single primality test. A newline means that
|
||||
the number has passed all the prime tests (currently set to 5 single tests).
|
||||
indicate the progress of the generation. A B<.> represents each number which
|
||||
has passed an initial sieve test, B<+> means a number has passed a single
|
||||
round of the Miller-Rabin primality test. A newline means that the number has
|
||||
passed all the prime tests (the actual number depends on the key size).
|
||||
|
||||
Because key generation is a random process the time taken to generate a key
|
||||
may vary somewhat.
|
||||
|
@ -233,6 +233,49 @@ RC5 Cipher
|
||||
|
||||
=back
|
||||
|
||||
=head1 PASS PHRASE ARGUMENTS
|
||||
|
||||
Several commands accept password arguments, typically using B<-passin>
|
||||
and B<-passout> for input and output passwords respectively. These allow
|
||||
the password to be obtained from a variety of sources. Both of these
|
||||
options take a single argument whose format is described below. If no
|
||||
password argument is given and a password is required then the user is
|
||||
prompted to enter one: this will typically be read from the current
|
||||
terminal with echoing turned off.
|
||||
|
||||
=over 10
|
||||
|
||||
=item B<pass:password>
|
||||
|
||||
the actual password is B<password>. Since the password is visible
|
||||
to utilities (like 'ps' under Unix) this form should only be used
|
||||
where security is not important.
|
||||
|
||||
=item B<env:var>
|
||||
|
||||
obtain the password from the environment variable B<var>. Since
|
||||
the environment of other processes is visible on certain platforms
|
||||
(e.g. ps under certain Unix OSes) this option should be used with caution.
|
||||
|
||||
=item B<file:pathname>
|
||||
|
||||
the first line of B<pathname> is the password. If the same B<pathname>
|
||||
argument is supplied to B<-passin> and B<-passout> arguments then the first
|
||||
line will be used for the input password and the next line for the output
|
||||
password. B<pathname> need not refer to a regular file: it could for example
|
||||
refer to a device or named pipe.
|
||||
|
||||
=item B<fd:number>
|
||||
|
||||
read the password from the file descriptor B<number>. This can be used to
|
||||
send the data via a pipe for example.
|
||||
|
||||
=item B<stdin>
|
||||
|
||||
read the password from standard input.
|
||||
|
||||
=back
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>,
|
||||
|
@ -35,12 +35,9 @@ B<openssl> B<pkcs12>
|
||||
[B<-keypbe>]
|
||||
[B<-keyex>]
|
||||
[B<-keysig>]
|
||||
[B<-password password>]
|
||||
[B<-envpass var>]
|
||||
[B<-passin password>]
|
||||
[B<-envpassin var>]
|
||||
[B<-passout password>]
|
||||
[B<-envpassout var>]
|
||||
[B<-password arg>]
|
||||
[B<-passin arg>]
|
||||
[B<-passout arg>]
|
||||
[B<-rand file(s)>]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
@ -69,23 +66,17 @@ by default.
|
||||
The filename to write certificates and private keys to, standard output by default.
|
||||
They are all written in PEM format.
|
||||
|
||||
=item B<-pass password>, B<-passin password>
|
||||
=item B<-pass arg>, B<-passin arg>
|
||||
|
||||
the PKCS#12 file (i.e. input file) password. Since certain utilities like "ps" make
|
||||
the command line visible this option should be used with caution.
|
||||
the PKCS#12 file (i.e. input file) password source. For more information about the
|
||||
format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
|
||||
L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-envpass var>, B<-envpassin password>
|
||||
=item B<-passout arg>
|
||||
|
||||
read the PKCS#12 file password from the environment variable B<var>.
|
||||
|
||||
=item B<-passout password>
|
||||
|
||||
pass phrase to encrypt any outputed private keys with. Since certain utilities like
|
||||
"ps" make the command line visible this option should be used with caution.
|
||||
|
||||
=item B<-envpass var>, B<-envpassin password>
|
||||
|
||||
read the outputed private keys file password from the environment variable B<var>.
|
||||
pass phrase source to encrypt any outputed private keys with. For more information
|
||||
about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
|
||||
L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-noout>
|
||||
|
||||
@ -183,23 +174,17 @@ used multiple times to specify names for all certificates in the order they
|
||||
appear. Netscape ignores friendly names on other certificates whereas MSIE
|
||||
displays them.
|
||||
|
||||
=item B<-pass password>, B<-passout password>
|
||||
=item B<-pass arg>, B<-passout arg>
|
||||
|
||||
the PKCS#12 file (i.e. output file) password. Since certain utilities like "ps"
|
||||
make the command line visible this option should be used with caution.
|
||||
|
||||
=item B<-envpass var>, B<-envpassout var>
|
||||
|
||||
read the PKCS#12 file password from the environment variable B<var>.
|
||||
the PKCS#12 file (i.e. output file) password source. For more information about
|
||||
the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
|
||||
L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-passin password>
|
||||
|
||||
pass phrase to decrypt the input private key with. Since certain utilities like
|
||||
"ps" make the command line visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassin password>
|
||||
|
||||
read the input private key file password from the environment variable B<var>.
|
||||
pass phrase source to decrypt any input private keys with. For more information
|
||||
about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
|
||||
L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-chain>
|
||||
|
||||
|
@ -11,11 +11,9 @@ B<openssl> B<pkcs8>
|
||||
[B<-inform PEM|DER>]
|
||||
[B<-outform PEM|DER>]
|
||||
[B<-in filename>]
|
||||
[B<-passin password>]
|
||||
[B<-envpassin var>]
|
||||
[B<-passin arg>]
|
||||
[B<-out filename>]
|
||||
[B<-passout password>]
|
||||
[B<-envpassout var>]
|
||||
[B<-passout arg>]
|
||||
[B<-noiter>]
|
||||
[B<-nocrypt>]
|
||||
[B<-nooct>]
|
||||
@ -59,14 +57,10 @@ This specifies the input filename to read a key from or standard input if this
|
||||
option is not specified. If the key is encrypted a pass phrase will be
|
||||
prompted for.
|
||||
|
||||
=item B<-passin password>
|
||||
=item B<-passin arg>
|
||||
|
||||
the input file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassin var>
|
||||
|
||||
read the input file password from the environment variable B<var>.
|
||||
the input file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-out filename>
|
||||
|
||||
@ -75,14 +69,10 @@ default. If any encryption options are set then a pass phrase will be
|
||||
prompted for. The output filename should B<not> be the same as the input
|
||||
filename.
|
||||
|
||||
=item B<-passout password>
|
||||
=item B<-passout arg>
|
||||
|
||||
the output file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassout var>
|
||||
|
||||
read the output file password from the environment variable B<var>.
|
||||
the output file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-nocrypt>
|
||||
|
||||
|
@ -11,11 +11,9 @@ B<openssl> B<req>
|
||||
[B<-inform PEM|DER>]
|
||||
[B<-outform PEM|DER>]
|
||||
[B<-in filename>]
|
||||
[B<-passin password>]
|
||||
[B<-envpassin var>]
|
||||
[B<-passin arg>]
|
||||
[B<-out filename>]
|
||||
[B<-passout password>]
|
||||
[B<-envpassout var>]
|
||||
[B<-passout arg>]
|
||||
[B<-text>]
|
||||
[B<-noout>]
|
||||
[B<-verify>]
|
||||
@ -63,28 +61,20 @@ This specifies the input filename to read a request from or standard input
|
||||
if this option is not specified. A request is only read if the creation
|
||||
options (B<-new> and B<-newkey>) are not specified.
|
||||
|
||||
=item B<-passin password>
|
||||
=item B<-passin arg>
|
||||
|
||||
the input file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassin var>
|
||||
|
||||
read the input file password from the environment variable B<var>.
|
||||
the input file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-out filename>
|
||||
|
||||
This specifies the output filename to write to or standard output by
|
||||
default.
|
||||
|
||||
=item B<-passout password>
|
||||
=item B<-passout arg>
|
||||
|
||||
the output file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassout var>
|
||||
|
||||
read the output file password from the environment variable B<var>.
|
||||
the output file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-text>
|
||||
|
||||
@ -207,8 +197,8 @@ The options available are described in detail below.
|
||||
|
||||
The passwords for the input private key file (if present) and
|
||||
the output private key file (if one will be created). The
|
||||
command line options B<passin>, B<envpassin>, B<passout> and
|
||||
B<envpassout> override the configuration file values.
|
||||
command line options B<passin> and B<passout> override the
|
||||
configuration file values.
|
||||
|
||||
=item B<default_bits>
|
||||
|
||||
|
@ -11,11 +11,9 @@ B<openssl> B<rsa>
|
||||
[B<-inform PEM|NET|DER>]
|
||||
[B<-outform PEM|NET|DER>]
|
||||
[B<-in filename>]
|
||||
[B<-passin password>]
|
||||
[B<-envpassin var>]
|
||||
[B<-passin arg>]
|
||||
[B<-out filename>]
|
||||
[B<-passout password>]
|
||||
[B<-envpassout var>]
|
||||
[B<-passout arg>]
|
||||
[B<-des>]
|
||||
[B<-des3>]
|
||||
[B<-idea>]
|
||||
@ -59,14 +57,10 @@ This specifies the input filename to read a key from or standard input if this
|
||||
option is not specified. If the key is encrypted a pass phrase will be
|
||||
prompted for.
|
||||
|
||||
=item B<-passin password>
|
||||
=item B<-passin arg>
|
||||
|
||||
the input file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassin var>
|
||||
|
||||
read the input file password from the environment variable B<var>.
|
||||
the input file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-out filename>
|
||||
|
||||
@ -77,12 +71,8 @@ filename.
|
||||
|
||||
=item B<-passout password>
|
||||
|
||||
the output file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassout var>
|
||||
|
||||
read the output file password from the environment variable B<var>.
|
||||
the output file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-des|-des3|-idea>
|
||||
|
||||
|
@ -10,8 +10,7 @@ B<openssl> B<spkac>
|
||||
[B<-in filename>]
|
||||
[B<-out filename>]
|
||||
[B<-key keyfile>]
|
||||
[B<-passin password>]
|
||||
[B<-envpassin var>]
|
||||
[B<-passin arg>]
|
||||
[B<-challenge string>]
|
||||
[B<-pubkey>]
|
||||
[B<-spkac spkacname>]
|
||||
@ -48,14 +47,8 @@ present.
|
||||
|
||||
=item B<-passin password>
|
||||
|
||||
the private key file password. Since certain utilities like "ps" make the
|
||||
command line visible this option should be used with caution. Ignored if
|
||||
the B<-key> argument is not used.
|
||||
|
||||
=item B<-envpassin var>
|
||||
|
||||
read the private key file password from the environment variable B<var>.
|
||||
Ignored if the B<-key> argument is not used.
|
||||
the input file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-challenge string>
|
||||
|
||||
|