Make pkcs12 and smime applications seed random number

generator (otherwise they don't work) and add -rand
option. Update docs.
This commit is contained in:
Dr. Stephen Henson 2000-02-12 03:03:04 +00:00
parent 07fc35519e
commit d13e4eb0b5
5 changed files with 74 additions and 13 deletions

View File

@ -4,6 +4,10 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
*) Add -rand argument to smime and pkcs12 applications and read/write
of seed file.
[Steve Henson]
*) New 'passwd' tool for crypt(3) and apr1 password hashes.
[Bodo Moeller]

View File

@ -114,6 +114,7 @@ int MAIN(int argc, char **argv)
STACK *canames = NULL;
char *cpass = NULL, *mpass = NULL;
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
apps_startup();
@ -170,6 +171,11 @@ int MAIN(int argc, char **argv)
badarg = 1;
}
} else badarg = 1;
} else if (!strcmp (*args, "-rand")) {
if (args[1]) {
args++;
inrand = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-inkey")) {
if (args[1]) {
args++;
@ -212,7 +218,7 @@ int MAIN(int argc, char **argv)
if(!(passin= getenv(*args))) {
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*argv);
*args);
badarg = 1;
}
} else badarg = 1;
@ -222,7 +228,7 @@ int MAIN(int argc, char **argv)
if(!(passout= getenv(*args))) {
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*argv);
*args);
badarg = 1;
}
} else badarg = 1;
@ -290,6 +296,9 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-envpassin p environment variable containing input file pass phrase\n");
BIO_printf (bio_err, "-passout p output file pass phrase\n");
BIO_printf (bio_err, "-envpassout p environment variable containing output file pass phrase\n");
BIO_printf(bio_err, "-rand file:file:...\n");
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
@ -306,6 +315,12 @@ int MAIN(int argc, char **argv)
mpass = macpass;
}
if(export_cert || inrand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
ERR_load_crypto_strings();
#ifdef CRYPTO_MDEBUG
@ -558,6 +573,7 @@ int MAIN(int argc, char **argv)
PKCS12_free(p12);
ret = 0;
end:
if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
#ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
#endif

View File

@ -102,7 +102,8 @@ int MAIN(int argc, char **argv)
int flags = PKCS7_DETACHED;
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL, *passin = NULL;
char *inrand = NULL;
int need_rand = 0;
args = argv + 1;
ret = 1;
@ -145,17 +146,27 @@ int MAIN(int argc, char **argv)
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
else if (!strcmp(*argv,"-passin")) {
if (--argc < 1) badarg = 1;
else passin= *(++argv);
else if (!strcmp(*args,"-rand")) {
if (args[1]) {
args++;
inrand = *args;
} else badarg = 1;
need_rand = 1;
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
passin = *args;
} else badarg = 1;
} else if (!strcmp(*argv,"-envpassin")) {
if (--argc < 1) badarg = 1;
else if(!(passin= getenv(*(++argv)))) {
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*argv);
badarg = 1;
}
if (args[1]) {
args++;
if(!(passin= getenv(*args))) {
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*args);
badarg = 1;
}
} else badarg = 1;
} else if (!strcmp (*args, "-to")) {
if (args[1]) {
args++;
@ -220,6 +231,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "No signer certificate specified\n");
badarg = 1;
}
need_rand = 1;
} else if(operation == SMIME_DECRYPT) {
if(!recipfile) {
BIO_printf(bio_err, "No recipient certificate and key specified\n");
@ -230,6 +242,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1;
}
need_rand = 1;
} else if(!operation) badarg = 1;
if (badarg) {
@ -268,10 +281,20 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
BIO_printf(bio_err, "-rand file:file:...\n");
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
goto end;
}
if (need_rand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
ret = 2;
if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
@ -499,6 +522,8 @@ end:
#ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
#endif
if (need_rand)
app_RAND_write_file(NULL, bio_err);
if(ret) ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);

View File

@ -41,6 +41,7 @@ B<openssl> B<pkcs12>
[B<-envpassin var>]
[B<-passout password>]
[B<-envpassout var>]
[B<-rand file(s)>]
=head1 DESCRIPTION
@ -253,6 +254,13 @@ option.
This option is included for compatibility with previous versions, it used
to be needed to use MAC iterations counts but they are now used by default.
=item B<-rand file(s)>
a file or files containing random data used to seed the random number
generator. Multiple files can be specified separated by a OS-dependent
character. For MS-Windows, the separator is B<;>. For OpenVMS, it's
B<,>. For all others, it's B<:>.
=back
=head1 NOTES

View File

@ -28,6 +28,7 @@ B<openssl> B<smime>
[B<-from ad>]
[B<-subject s>]
[B<-text>]
[B<-rand file(s)>]
[cert.pem]...
=head1 DESCRIPTION
@ -173,6 +174,13 @@ corresponding certificate. If this option is not specified then the
private key must be included in the certificate file specified with
the B<-recip> or B<-signer> file.
=item B<-rand file(s)>
a file or files containing random data used to seed the random number
generator. Multiple files can be specified separated by a OS-dependent
character. For MS-Windows, the separator is B<;>. For OpenVMS, it's
B<,>. For all others, it's B<:>.
=item B<cert.pem...>
one or more certificates of message recipients: used when encrypting